It’s 2025, and somehow “123456” is still a go-to password for some people. Convenience often wins out, even when it puts security at risk. Convincing someone to rethink their password choices isn’t easy, but here’s what worked for me.

Understanding the Challenge

Before diving into solutions, let’s address the root of the problem: convincing people to take online security seriously isn’t easy. Many see the internet primarily as a tool, not as a source of potential threats, especially those who didn’t grow up with cybersecurity as a constant concern. Unfortunately, the consequences of weak password practices can be devastating.

The disconnect often lies in the perceived risk. Most people don’t believe they’re likely targets. They assume hackers target corporations or celebrities, not everyday people. But that’s precisely what makes common, easy-to-guess passwords so dangerous. Hackers rely on widespread negligence to gain access to large numbers of accounts with minimal effort.

Hackers specifically target easy passwords like 123456 because they’re so widely used. In fact, it consistently ranks near the top of “worst password” lists. But when dealing with friends who are accustomed to simplicity, a stern lecture won’t cut it. You need to demonstrate the value of stronger passwords in a way that feels accessible, worthwhile, and relevant to their personal lives.

Educate Them on the Dangers

The first step is to help your friends understand the “why.” Simply telling them that “123456” isn’t strong enough won’t be effective; your friends need to see it as a serious threat to their privacy and personal data. To make the risk real, share stories of people whose accounts have been compromised due to weak passwords, from social media to banking platforms.

One particularly effective example involves credential stuffing attacks, where hackers use leaked login credentials from other platforms to gain access to somebody’s other accounts. When your friends realize that a single weak password can potentially expose their private information across multiple sites, they begin paying closer attention.

It’s also important to emphasize how interconnected our digital lives have become. A single compromised password can open unauthorized access to financial records, medical data, and even personal conversations. That perspective shift makes all the difference. For friends who shop online frequently or use cloud storage for personal files, understanding that their favorite convenience could become a vulnerability becomes a turning point.

Introduce the Idea of Stronger Passwords

Once the risks are clear, start discussing solutions. Instead of overwhelming your friends with technical terms or diving straight into password management tools, start with something simple: strong passphrases.

Explain that creating strong passwords doesn’t have to be difficult. Passphrases that consist of random combinations of words, numbers, and symbols are both memorable and secure. A classic example is “CorrectHorseBatteryStaple” (relevant XKCD), but even something like “PurpleTiger99Sunshine!” is both easy to recall and difficult to crack.

You can also suggest creating passwords based on memorable phrases, such as quotes or song lyrics, and then modifying them with symbols and numbers. For instance, “May the Force be with you” can become “M@yT#heF0rc3!”—a password that’s unique, complex, and meaningful to them.

Talk about setting up a system or personal pattern to remember how to create secure passwords without writing them down. This small shift in mindset makes the idea of password security feel like something your friends can realistically manage on their own.

Use a Password Manager

Even with strong passwords, convenience remains a concern. That’s when you introduce password managers. These tools securely generate and store strong, unique passwords for each account, eliminating the need to remember them all.

Help your friends set up a trusted password manager and guide them through the process of storing their logins and generating new ones. Once they see how easy it is to use—especially with autofill features—they’re sold.

Spend some time replacing old, reused passwords. What starts as a tedious chore can turn into a small group effort, and the sense of accomplishment becomes a real motivator.

Once your friends realize they no longer have to reset their passwords every time they log in to a new site, it becomes a game-changer. With a reliable password manager, they can open an app and securely access all their information.

Related

You Can Use Your Browser Password Manager If You Take These 5 Precautions

Your browser password manager isn’t the most secure option, but you can take steps to improve its security.

Enable Two-Factor Authentication (2FA)

After a few weeks of building better password habits, introduce the idea of two-factor authentication (2FA). There will likely be some initial reluctance, since nobody enjoys extra steps. However, it’s important to explain how 2FA significantly reduces the risk of unauthorized access, even if a password is compromised.

Walk them through enabling 2FA on their most important accounts, including email and banking. Use apps like Google Authenticator, which generate time-sensitive codes. Once they realize it only takes a few seconds and adds meaningful protection, they’ll be far more open to it.

The added security feels reassuring rather than inconvenient. Plus, this additional step isn’t always necessary. Some platforms automatically allow access from trusted devices or offer biometric login after setup, striking a balance between security and usability.

Encourage Regular Updates and Monitoring

Cybersecurity isn’t something you can set and forget; it’s something you have to stay on top of. Suggest turning on security alerts for their most important accounts. Most services offer features that send notifications if there’s a login from a new device, a password change, or any other unusual activity. Guide them to the account settings where they can find options like “login alerts” or “security notifications.” These alerts act as an early warning system, so if something seems off, they’ll know right away.

It’s also worth checking your account activity from time to time. Platforms like Google, Facebook, and many banking apps allow you to see where and when accounts were accessed. If your friends ever notice a device or location that doesn’t look familiar, it’s a good idea to change the password right away and sign out of other sessions.

Encourage them to set a recurring reminder to check in every month or two. These quick reviews—changing passwords, checking for alerts, scanning activity—can become part of a simple routine. It doesn’t have to feel like a chore. A few small habits can go a long way toward keeping their accounts secure and giving them more peace of mind online.

Offer Ongoing Support

Throughout the process, stay actively involved at every step. Whether it’s helping to recover a forgotten master password or walking through the steps to update an account, being available to troubleshoot and offer guidance makes all the difference in keeping things on track.

The key is consistency and patience. Not everyone becomes a cybersecurity expert overnight, but with ongoing support, encouragement, and a patient attitude, it’s entirely possible to develop long-lasting, positive habits.

You may be surprised by how many of your friends express a desire to learn more once they feel confident in the basics. Oftentimes, these simple changes can set the stage for a deeper understanding of online safety. A few may even ask about securing Wi-Fi networks or using VPNs to safeguard their data. That kind of curiosity often starts with small, early wins like improving password security.

Related

5 Password Tools to Create Strong Passphrases and Update Your Security

Create a strong password that you can remember later. Use these apps to upgrade your security with new strong passwords today.

Helping others strengthen their digital protection isn’t just about showing them why it matters; it’s about offering realistic, accessible advice while staying supportive throughout the process. A little education, a few good tools, and ongoing encouragement are all it takes to help them take control of their online security. It’s a small investment of time that leads to a significantly safer digital future for everyone involved.