It's always a good idea to change the default passwords. Let me try to explain how port forwarding works though as quickly as possible.
If you had one computer and it was directly connected to the internet (which is a BAD idea) you would have an IP address 123.456.789.1 and all ports accessible (65K of them). You would talk to a specific application on that computer with 123.456.789.1:80 for instance, where 80 is the port.
If you are behind a router that 123.456.789.1 will go to the router, the computer is hidden behind an internal address e.g. 192.168.0.100. If you try to connect to 192.168.0.100:80 from the internet you will not get to your computer. If you try to access 123.456.789.1:80 from the internet you will not get anything either since your asking the firewall for it's application on port 80.
This is where port forwarding comes in. You tell the router to forward any traffic it gets on a given port to 192.168.0.100 port 80. You can use a different port on the firewall than what the application actually runs on. We'll use port 8888 as an example.
So we tell the router whatever you get on port 8888 send it over to 192.168.0.100:80. So now when we access 123.456.789.1:8888 from the internet it will work. Only the single port that is forwarded from the computer is exposed to the internet, all other ports stop at the firewall.
You can forward many different ports to many different computers on the internal network.
Going to whatismyip.com will always give you the internet address of your router, 123.456.789.1 in this case. Since you are probably not paying for a static internet IP this address is subject to change, it all depends on your ISP how often that happens. I've had the same one for well over a year. The solution to this is DynamicDNS which is a whole other subject.
If you are port forwarding you want to setup the internal address for that device as a static address so it never changes, otherwise you may end up forwarding the port to a different computer.
Clear as mud?