The 1st of February is called Change Your Password Day. We at Team Spybot usually do not celebrate this day, because a forced changing of passwords regularly usually leads to weaker passwords. This year we want to change the recommendation a bit:


Check your passwords and change them so that you do not have the same password for any two services!


Background: A technique called credential stuffing. Credential stuffing means that criminals take lists of credentials that have been compromised on some sites and see if they work on other sites.


A few things can help:


Keep separate passwords for each service, do not use your personal details such as your date of birth, do not use words that can be found in dictionaries.


Use a password manager. This will help you keep a list of the complex passwords you choose. If you're tech-savvy, you can use KeePass or Bitwarden to store them on your own hardware. Bitwarden is also available as a hosted service.


Use multi-factor authentication. Many services now offer two-factor authentication. Instead of just entering your username and password, you need to enter another factor (usually valid for a short time), created on your smartphone or sent by email or SMS, to log in. Criminals won't be able to log in with just a stolen username and password.


Check if your details have been involved in any breaches. Use an online service such as Have I Been Pwned or our own Spybot Identity Monitor, which includes Have I Been Pwned plus our own lists.