Frequently Asked Questions
Is it safe to write my passwords down in a notebook?
Writing your passwords in a notebook is generally much safer than using weak passwords or reusing the same password across multiple sites. A hacker in another country cannot read a notebook sitting in your desk drawer. However, this method has physical risks. If you use a notebook, keep it hidden away from plain sight, never carry it with you in your purse or briefcase where it could be lost, and ensure a trusted family member or executor knows where it is in case of an emergency.
Do I really need a different password for every single account?
Ideally, yes. However, if that feels entirely overwhelming, you must practice “tiering.” Your highest tier of accounts—your primary email address, your bank, your brokerage, Medicare, and Social Security—must absolutely have unique, long, unguessable passphrases that you do not use anywhere else. If you choose to reuse a password for low-risk sites (like a news website where you only read articles), the damage is contained if that site is breached. Never mix passwords between high-tier and low-tier accounts.
How do I know if my password has been stolen?
Data breaches happen constantly, often without the user’s immediate knowledge. You can check if your email and passwords have been compromised by using reputable, free cybersecurity tools like “Have I Been Pwned” (run by respected security researchers). Additionally, modern smartphones and web browsers now actively monitor known data breaches. If you get a notification from Apple or Google stating that a password you saved has appeared in a data leak, take it seriously and change that password immediately.
Are password manager programs actually safe to use?
Yes, reputable password managers are highly secure. They use advanced encryption methods, meaning that the company providing the software cannot see your passwords. Your “vault” of passwords is locked behind one master passphrase that only you know. If the password manager company is hacked, the criminals only get encrypted, unreadable data. Using a dedicated password manager is widely considered the best practice by cybersecurity experts globally.