Kiwi iPhone users have been receiving text alerts from Apple saying their passwords are compromised lately.
Take these warnings seriously if you want to be confident your online information is safe, says Auckland cybersecurity expert Daniel Watson.
Treat pop-up warnings about your internet security as suspicious but don't disregard warnings from your own service providers, he told RNZ.
These alerts are a legitimate warning that your online credentials may have been stolen, Watson says.
"Apple is going 'Look, if you're using a password that is already well known then you shouldn't be using it, you need to change it."
Kiwis tend to use the same passwords over and over again and be logged into dozens of websites at once, Watson says.
"Not every website has great levels of password security themselves so when somebody does get into them they can crack it open and they sell the database on the dark web, make a bit of money from it, or use it for further attacks themselves."
Watson recommends going with a 'pass phrase' rather than a password as they're easier to remember and harder to crack.
"A password like 'We all love Jacinda Ardern' is quite a long set of characters which can be hard for anybody to guess but it's really easy for you to remember."
The Chrome web browser has a password management tool that's safe enough for individual users, but if you're running a business, investing in company-wide password management software is a good idea and quite affordable, Watson says.
It's also handy really handy when people leave, Watson says.
"You'll reset [the former employee's] work server password but there's a whole bunch of other websites that they've logged on to as part of their day to day business which you probably also need to go out there and disable.
"If you're running a company you don't want people saving their work passwords in a tool which is going to walk out of the organisation attached to their Gmail account."