User Access | High priority

Audit your most important account passwords

Check that your email, banking, and social media accounts all have strong, unique passwords. Replace any that are reused across multiple sites or that are short and easy to guess.

Why this matters

Reused passwords are the single most effective way for attackers to access multiple accounts after one breach. If a site you used years ago was hacked, any account where you used the same password is now at risk. A password audit finds and fixes these weaknesses before they are exploited.

How to do it

  1. List your most important accounts: primary email, banking, social media, HMRC/Government Gateway, and any accounts linked to your email for password resets.
  2. For each account, check whether the password is unique or shared with any other account.
  3. Use your browser's saved passwords or password manager to identify duplicates — most password managers have a built-in security audit feature.
  4. Replace any duplicate or weak passwords with a strong, unique password generated by your password manager.
  5. Check haveibeenpwned.com — enter your email address to see if it has appeared in any known data breaches, then change passwords for any affected services.
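If your password manager has no audit feature, steps 2 to 4 can be done over a CSV export of your saved passwords. The script below is an added example, not part of the original checklist; the column names (name, url, username, password), the 12-character threshold for "short", and the sample rows are assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 12  # assumption: threshold for "short"; the checklist gives no number

# Constructed sample export (not real accounts). Column names are an assumption
# modelled on a typical browser CSV export: name,url,username,password.
SAMPLE_EXPORT = """name,url,username,password
Mail,https://mail.example.com,alex@example.com,Sunshine2019
Bank,https://bank.example.com,alex@example.com,k7#Vq9!wZr2@pLm4
Social,https://social.example.com,alex,Sunshine2019
Old forum,https://forum.example.org,alex,sunshine2019
Tax,https://tax.example.gov,alex@example.com,abc123
"""


def audit(export_text, min_length=MIN_LENGTH):
    """Return (reused, weak): groups of accounts sharing a password, and
    accounts whose password is shorter than min_length."""
    groups = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # entries with no stored password cannot be audited
        label = f'{row["name"]} ({row["username"]})'
        # Group by digest so the plaintext is never kept or printed.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[digest].append(label)
        if len(password) < min_length:
            weak.append(label)
    reused = [sorted(accts) for accts in groups.values() if len(accts) > 1]
    return sorted(reused), sorted(weak)


def report(export_text):
    reused, weak = audit(export_text)
    lines = []
    for accounts in reused:
        lines.append("REUSED: " + ", ".join(accounts))
    for account in weak:
        lines.append("SHORT:  " + account)
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EXPORT)))
```

Only exact matches are grouped, so a variant such as a changed capital letter is not reported as reuse and still needs a manual look. The export file holds your passwords in plaintext, so delete it as soon as the audit is finished.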

Cyber Essentials framework

This task falls under the User Access control, one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment.
