It's official: Your old password is totally worthless

Old habits die hard, and old passwords die harder.

But if you ever needed extra motivation to forget that ancient password you've been reusing for years, you'll find it in Yahoo's recent admittance that a 2013 security breach affected all 3 billion user accounts on the site.

Think about that number. That's 3 billion passwords. There weren't 3 billion people on the internet in 2013, but there were that many Yahoo accounts because some people had several Yahoo accounts at the time. But, roughly, because Yahoo was so huge, basically everyone had a Yahoo account at some point (just like basically everyone had a Google account at some point). And somewhere, there's a database with all those usernames and passwords.

That means a hacker can take an email address and a password pair and run it against all the popular sites on the internet. Facebook. Google. Ebay. Amazon. PayPal.

Did you use an old password when you created an account on any of those sites? Did you think that hackers won't target you? News flash: Malicious hackers, except in some very specific cases, don't care who you are. They're not targeting you, personally. They have scripts that go through millions of usernames and passwords, and try them against hundreds of sites. If an old password works, boom: They got something of value.

I get it. Maybe you were in a hurry to buy that new Kindle for Christmas, and you just needed an account, fast. Perhaps you meant to change the password later, but never did. Or maybe you're one of those people who simply cannot remember more than one or two passwords and won't be bothered with a password manager.

Well, if you had a Yahoo account in 2013 (or 2012, or ever), and you're still using that old password, you're putting yourself at serious risk. You could lose personal data, your reputation, or even your money.

This Tweet is currently unavailable. It might be loading or has been removed.

And it's not just Yahoo. Basically every large site, service or company experienced some sort of security breach in its history (though none were larger than Yahoo's colossal screw-up). It happened to MySpace as well. It happened to Equifax. It happened to Verizon. And massive security flaws such as Heartbleed exposed basically every site on the internet, including Google and Facebook. You think you're safe? No one is safe.

But you're not helpless. We have some good tips for staying secure online here and here, but in a nutshell, this is what you need to do: Don't re-use the same password on multiple sites. Use a password manager. Use two-factor authentication whenever possible (I know it's a hassle, but you should still do it).

Nothing can fully protect you from a hack. A site you're using might get hacked and your personal data can be stolen, and there's nothing you can do about that. But you can at least make sure the same people can't use that data to login on all your other sites.

Think about good password practices as brushing your teeth. It's not something you really want to do twice every day, but you know you have to, or there will be consequences. So you simply get out of bed every morning and do it, no questions asked. The next time you need to think of a new password, and you really, really don't want to, suck it up. Install a password manager. Follow the steps. Create a fresh, safe password.

If you don't, somewhere down the line, there will be consequences.