Xiaomi has just given a global launch to two of its latest flagship phones, the Xiaomi 17 and 17 Ultra, along with a Leica-branded Leitzphone edition of the Ultra. There’s no sign, however, of the 17 Pro, which launched in China with an additional display mounted next to the rear cameras.
Technology
How secure is my password? Use this test to find out
The RockYou2024 leak, which exposed almost 10 billion passwords in July of last year, might seem like old news, but its impact is still felt today.
It’s considered the largest password compilation ever released. With such a vast collection of breached credentials circulating, the risk of credential stuffing, identity theft and unauthorized access to online accounts and systems remains high. For anyone still reusing passwords, the dangers are real — and growing.
That’s why password security has never been more critical, and the big question remains, how secure is my password?
Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts and exclusive deals — plus instant access to my free Ultimate Scam Survival Guide when you sign up!
Username and password on tablet (Kurt “CyberGuy” Knutsson)
Why does password strength matter?
Think of weak passwords as an open door for hackers. Recent reports show that many common passwords can be cracked in literally seconds. Simple or reused passwords are especially vulnerable to automated attacks, and once one account is breached, others are often quickly compromised.
If a company you’re signed up with experiences a data breach and your login info is leaked, attackers can try that same password on other platforms, potentially unlocking a lot more than just one account.
Strong passwords act as your first line of defense. They’re long, complex and unique, making it significantly harder for attackers to guess or force their way in. When every account has its own strong password, even if one gets leaked, the rest stay safe.
Think of it this way. A weak password is like using the same key for your house, car and office and leaving it under the doormat. A strong password? It’s like a unique, high-security key for every door in your digital life.
Illustration of username and password (Kurt “CyberGuy” Knutsson)
APPLE FIXES PASSWORDS APP VULNERABILITY ENABLING WI-FI ATTACKS
What are the top 5 passwords to avoid?
The most commonly used and insecure passwords are:
- 123456
- 123456789
- 12345678
- password
- Qwerty123
These passwords are extremely easy to guess and should be avoided at all costs.
Illustration of password login on laptop (Kurt “CyberGuy” Knutsson)
MALWARE STEALS BANK CARDS AND PASSWORDS FROM MILLIONS OF DEVICES
Password strength test: 7-point self-evaluation checklist
How secure is your password, really? It’s time to put it to the test. Grab a pen (or just keep a mental tally) and score yourself based on this 7-point password strength test. Each “yes” earns you a point. So, let’s see how your password holds up in today’s threat landscape.
1. Is your password at least 12 characters long?
Length is your first line of defense. Short passwords — think six or eight characters — can be cracked in minutes by modern hacking tools. At 12 characters or more, you’re making it exponentially harder for attacks to succeed.
2. Does it include a mix of upper and lowercase letters?
Mixing uppercase and lowercase letters strengthens your password by increasing complexity. For example, instead of using something like “t8g5k9w2,” use “T8g5K9w2” — same characters, just more variety. Mix it up.
3. Does it include numbers?
Adding numbers makes your password harder to crack. Instead of sticking to just letters — like “Trkplmsh” — try something like “Tr8k5Plm2sh.” Randomly placed numbers increase complexity and make your password much more secure.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
4. Does it include special characters?
Symbols like !, @, #, and $ add another layer of security. For example, a password like “T8g5K9w2” becomes even stronger as “T8g5#K9w2!.” Special characters increase complexity and help defend against attacks.
5. Is it unique (not reused across accounts)?
Reusing passwords is like handing hackers a master key. If one account gets breached, and you’ve reused that password elsewhere, you’re toast. One password, one purpose. No exceptions.
6. Does it avoid personal info like your birthdate?
Your name, birthday or “Fluffy1990” (your dog’s name and birth year) might feel clever, but they’re goldmines for attackers who can scrape social media or breached data. Keep it impersonal and unpredictable.
7. Have you changed it in the last 90 days?
Even good passwords can go stale. It’s a smart move to update them every 90 days, or sooner if a site you use has a security issue.
Illustration of password login on laptop (Kurt “CyberGuy” Knutsson)
DANGEROUS CHROME EXTENSIONS MIMIC PASSWORD MANAGERS
How did you score?
Now, let’s take a look at your score:
- 0-2 points: Uh-oh. Your passwords are waving a welcome flag to hackers. Time for a serious upgrade.
- 3-4 points: Not terrible, but you’re still vulnerable. Patch those weak spots pronto.
- 5-6 points: Solid effort! You’re close to fortress-level security — tweak a bit more.
- 7 points: Nailed it. Your password is strong and secure — just remember to keep it updated.
This quick password strength test isn’t just a quiz, it’s a good reminder. Even one weak spot could be all it takes for someone to break in. In a world full of data leaks, a strong, unique password is one of the easiest ways to protect yourself. So, what’s your score? Think it’s time to level up?
What should I do if my password strength is low?
If your score didn’t quite hit that seven out of seven mark, no worries. The good news? You’ve already taken the first step by identifying the weak spots. Now, you’ve got two options:
Build a better password yourself
To keep your passwords secure, use ones that are at least 12 characters long with a mix of uppercase and lowercase letters, numbers and special characters. Avoid using personal information or common patterns. Always use a different password for each account, and enable two-factor authentication whenever it’s available.
While you can build a strong password on your own, let’s be real, it’s not always easy. Coming up with something that’s at least 12 characters long, includes uppercase and lowercase letters, numbers, special symbols and isn’t based on anything personal? That’s a tall order. And even if you do manage to craft the perfect one, you’ve still got to remember it, especially if you’re using a different strong password for every account (which you absolutely should be).
Let a password generator do the heavy lifting
This is the easier, faster and frankly smarter route. A password generator creates long, complex, completely random passwords for you — no guesswork or mental gymnastics required. These tools are designed to pump out passwords that check all the boxes, making them far harder to crack. If you want an easy and secure option, many password managers include built-in password generators that follow best practices for maximum strength.
Either way, the key takeaway is this: Don’t settle for weak or recycled passwords. Whether you go DIY or use a tool, upgrading your password strength is one of the simplest ways to protect yourself online.
Illustration of online banking login on laptop (Kurt “CyberGuy” Knutsson)
What is the best password manager?
Password security can seem like a tough thing to maintain manually. The good news is that password managers take the hassle out of it by generating, storing and autofilling strong, unique passwords for you.
We recommend a password manager that is secure, user-friendly and includes features like a password health tool, data breach monitoring and a built-in password generator to help you create strong, unique passwords. Essentially, they are a digital safe designed to encrypt and store your login credentials, passkeys, credit card details, personal information and even sensitive files. It remembers everything for you, organizes your credentials neatly and fills in login forms with a single click. When you sign up for a new site, it autosaves the password with no effort required.
The best part? A password manager puts an end to password reuse. Instead of leaning on that tired old “Fluffy1990” for every account, it generates strong, unique passwords tailored to each site, boosting security for both your personal and professional life. So, with a password manager, you’ll no longer have to ask yourself, how secure is my password?
Get more details about my best expert-reviewed Password Managers of 2025 here.
Kurt’s key takeaways
With data breaches becoming increasingly common, it’s clear that password security isn’t a “set it and forget it” task. It’s an ongoing process. By prioritizing strong passwords and using tools to help you manage them effectively, you can significantly reduce your risk and enjoy greater peace of mind online.
Do you feel that the companies you interact with online are doing enough to protect your data and passwords? What more could they be doing? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Polymarket has been allowing people to bet on when the US would strike Iran next. Obviously, now that it’s actually happened and people have died, the prediction betting market is feeling some pressure. The site has been at the center of controversy before, including suspicions of insider trading on the Super Bowl halftime show and the capture of Venezuelan President Nicolás Maduro.
In a statement posted on its site, Polymarket defended its decision to allow betting on the potential start of a war, saying that it was an “invaluable” source of news and answers, before taking shots at traditional media and Elon Musk’s X. The statement reads:
…
Read the full story at The Verge.
NEWYou can now listen to Fox News articles!
Google has officially discontinued its Dark Web Report feature, a free tool that once scanned known dark web breach dumps for personal information tied to a user’s Google account. The service delivered notifications when email addresses and other identifiers appeared in leaked datasets.
According to Google’s support page, the system ceased scanning for new dark web data Jan. 15, 2026, and the reporting function was removed entirely on Feb. 16, 2026, meaning users can no longer access the feature.
The company said the decision reflects a shift toward security tools it believes provide clearer guidance after exposure, rather than standalone scan alerts.
If you previously relied on the free dark web scan as an early warning signal for leaked data, this change removes one of your sources.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Google officially ended its Dark Web Report tool, removing free breach alerts tied to user accounts. (Kurt “CyberGuy” Knutsson)
So what did users really lose?
Google’s Dark Web Report acted as a basic exposure scanner. It checked whether personal information linked to a Google account had surfaced in known breach collections circulating on the dark web.
When a match is found, users receive a notification identifying which type of data appeared in a leak. Depending on the data breach, that could include an email address, phone number, date of birth or other identifying details commonly harvested during large-scale hacks.
The report did not display stolen credentials or provide access to the leaked database itself. It also did not trace the origin of the compromise beyond referencing the breached service when available.
After an alert was issued, the next steps were left to the user. Google recommended actions such as changing passwords, enabling stronger authentication methods and reviewing account security settings. With the tool now removed, that automated breach check tied directly to a Google account is no longer available.
What you still have access to
Google directs users to its Security Checkup, a dashboard that scans your account for weak settings and unusual sign-in activity.
Its built-in Password Manager includes Password Checkup, which scans saved credentials against known breach databases and prompts you to change exposed passwords. Google also supports passkeys and two-factor verification to lock down account access.
The Results About You tool lets users search for personal information in Google Search and submit removal requests for certain publicly indexed details.
149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK
Without the automatic scan, users must now check for leaked data using other security tools. (iStock)
Alerts don’t always mean protection
Once personal information is compromised, it often ends up far beyond the breach itself. Stolen credentials and identity data are regularly trafficked on underground platforms where buyers can search for information tied to real people.
The BidenCash dark web marketplace was taken down by U.S. authorities in June 2025, and the Justice Department confirmed that the platform peddled stolen personal information and credit card data.
These illicit markets operate with a level of organization not unlike legitimate online stores. Search tools and bulk data sets are up for grabs and can be used to target any online account. This makes credential stuffing easier, where attackers test leaked passwords across multiple services in hopes of barreling into your account.
A breach alert tied to a dark web scan points to a leak at one moment in time; it does not follow whether that information has been sold to third parties or used in subsequent fraud attempts. For everyday users, this means that just knowing your data appeared in a leak doesn’t help much.
THINK YOUR NEW YEAR’S PRIVACY RESET WORKED? THINK AGAIN
Stolen personal information can circulate for years, making ongoing monitoring more important than a one-time alert. (Kurt “CyberGuy” Knutsson)
Identity monitoring may be a better option
With Google’s scan gone, some people may consider dedicated identity protection services instead. Many of these services offer continuous monitoring of your personally identifiable information and send alerts about changes to your credit reports from all three major U.S. credit bureaus. That can include notifications about new inquiries, newly opened accounts and monthly credit score updates. Some plans also monitor a broader range of personal identifiers, such as driver’s license numbers, passport numbers and email addresses.
Beyond credit monitoring, certain services track linked bank, credit card and investment accounts for unusual activity. They may also monitor public records for changes to addresses or property titles and alert you if your information appears in those filings.
Many providers include identity theft insurance to help cover eligible out-of-pocket recovery costs. Coverage limits vary by plan and provider. Additional features often include spam call and message protection, a password manager, a virtual private network (VPN) and antivirus software.
No service can prevent every form of identity theft. However, ongoing monitoring and recovery support can make it easier to respond quickly if your information is misused.
See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.
Kurt’s key takeaways
Google’s decision to drop its Dark Web Report may seem small. But it removes a tool many users relied on. For some, those alerts were the first warning that their data appeared in a breach. That automatic scan is now gone. Google still offers Security Checkup, Password Checkup, passkeys and two-step verification. However, none of them actively scan dark web breach dumps for you. Stolen data does not disappear. Criminals copy, sell and reuse it. One alert shows a single moment. Ongoing identity theft monitoring helps you stay aware over time.
Now that Google has dropped its dark web monitoring feature, will you actively check your data exposure or assume someone else is watching it for you? Let us know your thoughts by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
The 17 and 17 Ultra will apparently be available soon in the UK, Europe, and select other markets. The 17 — pitched as a rival to the likes of the iPhone 17 and Samsung Galaxy S26 — will cost £899 / €999 (about $1,200), while the larger and more capable Ultra starts from £1,299 / €1,499 ($1,750). The limited-edition Leitzphone will be substantially more expensive at £1,699 / €1,999 ($2,300), though it includes 16GB of RAM and 1TB of storage, along with a few extra accessories.
The 17 is an extremely capable small-ish flagship, with a 6.3-inch OLED display, Qualcomm Snapdragon 8 Elite Gen 5, and large 6,330mAh silicon-carbon battery (though sadly smaller than the 7,000mAh version launched in China). I won’t be writing a full review of the 17, but did spend a week using it as my main phone, and found that the battery cruised past the full-day mark, though wasn’t quite enough for two full days of my typical usage. That’s far better battery life than you’d find in similarly sized phones from Apple, Samsung, or Google.
The cameras impress too, with 50-megapixel sensors behind each of the four lenses, selfie included. Pound for pound, you won’t find many better camera systems in any phone this size.
1/10
The Ultra, unsurprisingly, takes things to another level. It’s much larger, with a 6.9-inch display, and weighs a hefty 218g. Despite that, the 6,000mAh is actually smaller, though I found it delivered pretty similar longevity.
The enormous camera is, as ever for Xiaomi’s Ultra phones, the highlight. There are 50-megapixel sensors for each of the main, ultrawide, and selfie cameras, with a large 1-inch-type sensor behind the primary lens. The periscope telephoto is even more impressive: 200-megapixel resolution, a large 1/1.4-inch sensor, and continuous optical zoom from 3.2x to 4.3x, the equivalent of 75-100mm. Xiaomi isn’t the first to pull off a true zoom phone — Sony’s Xperia 1 IV got there first in 2022 — but the telephoto camera here is far more capable than that phone’s, with natural bokeh and impressive performance even in low light.
The camera capabilities are supported by Xiaomi’s ongoing photography partner Leica, but it’s the pair’s Leitzphone that really emphasizes that. Slightly redesigned from the 17 Ultra Leica Edition that was released in China last December, this includes Leica branding across the hardware and software, a range of Leica filters and shooting styles, and a rotatable rear camera ring that can be used to control the zoom. It’s the first Leica Leitzphone produced by Xiaomi — after a trio of Japan-only Sharp models — and comes with additional branded accessories, including a case with a lens cap and a microfiber cleaning cloth.
Xiaomi has plenty of other announcements alongside the 17 series phones at MWC this year, including a super-slim magnetic power bank, the Pad 8 and Pad 8 Pro tablets, and a smart tag that supports both Google and Apple’s tech-tracking networks.
Photography by Dominic Preston / The Verge
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
Oklahoma54 seconds ago
Elgin’s Ritson Meyer becomes four-time Oklahoma high school wrestling state champion
Oregon7 minutes ago
6 Friendliest Towns to Visit on the Pacific Coast in 2026
Pennsylvania13 minutes ago
Iran’s Supreme Leader Ayatollah Ali Khamenei killed in strikes; Pennsylvania lawmakers respond
Rhode Island19 minutes ago
Rhode Island women’s basketball wins A-10 regular-season championship
South-Carolina25 minutes ago
Tessa Johnson injury update for Dawn Staley, South Carolina vs Kentucky
Florida1 year ago
Florida High School Football Rankings: Top 25 teams – Oct. 21
Connecticut2 years ago
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
Oregon2 years ago
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Virginia2 years ago
99th annual Pony Swim held in Virginia
Indiana1 year ago
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Politics3 hours ago
Mamdani’s response to Trump’s Iran strike sparks conservative backlash: ‘Rooting for the ayatollah’
World4 hours ago
Activists hail ‘historic’ EU’s decision on accessible abortion
News5 hours ago
A long-buried recording and the Supreme Court of old (CT+) : Consider This from NPR
News14 hours ago
2 Survivors Describe the Terror and Tragedy of the Tahoe Avalanche
Politics15 hours ago
Iran fires missiles at US bases across Middle East after American strikes on nuclear, IRGC sites
-
World3 days agoExclusive: DeepSeek withholds latest AI model from US chipmakers including Nvidia, sources say
-
Massachusetts3 days agoMother and daughter injured in Taunton house explosion
-
Montana1 week ago2026 MHSA Montana Wrestling State Championship Brackets And Results – FloWrestling
-
Louisiana6 days agoWildfire near Gum Swamp Road in Livingston Parish now under control; more than 200 acres burned
-
Denver, CO3 days ago10 acres charred, 5 injured in Thornton grass fire, evacuation orders lifted
-
Technology1 week agoYouTube TV billing scam emails are hitting inboxes
-
Technology1 week agoStellantis is in a crisis of its own making
-
Politics1 week agoOpenAI didn’t contact police despite employees flagging mass shooter’s concerning chatbot interactions: REPORT