Skip to main content
User AccessHigh priority

Change any weak or reused passwords

Identify and replace passwords that are short, simple, or used on more than one account.

Why this matters

If one service you use is breached, attackers will try your leaked password on hundreds of other sites. Unique passwords stop this attack cold.

How to do it

  1. Check haveibeenpwned.com to see if your email appears in any data breaches
  2. Prioritise changing passwords for email, banking, and social media first
  3. A strong password is at least 12 characters — use your password manager's generator
  4. Never reuse a password across more than one account

Cyber Essentials framework

This task falls under the User Accesscontrol — one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment.

Track your full security score — free

Create a free account to check off tasks, see your Security Score, and build toward Cyber Essentials alignment.

Start your free security check