When you sign up for something that has online access, you are often assigned a password by the webmaster. In one particular case, a drop ship supplier of ours issued a user id and password when we started up the account. The user id was numeric (our account number) and I noticed the password was comprised of the first 3 letters of the company name and the first 3 letters of the user id.
Out of context this would seem to be an OK password to use because it contains both letters and numbers – the type of password that security experts usually suggest. But the problem here is that the drop shipper assigns this same scheme of password to all their customers.
So in this case, if someone finds out the company name (which is usually readily available) and the account number, they would know both the user id and the password. They would have full access to your account online!
That’s an example of why you should always change your password to something else when you’re assigned one. Even if it looks like a great password, it may be easy to guess or hack.