More than 8 in 10 Brits are not changing their passwords enough

15% of Brits admit to NEVER changing their internet banking password

James Carter
Authored by James Carter
Posted: Monday, May 16, 2022 - 11:43

More than 8 in 10 Brits (83%) are not changing their passwords enough[iii] – putting themselves and their families at risk of cyber attacks, new research by CSS Assure[iv] has revealed.

Of those, more than 1 in 3 (34%)[v] admitted to never changing their internet banking password or only doing so when prompted, while 20% said they use the same passwords across multiple accounts.

This World Password Day (5 May), CSS Assure is urging the public to start protecting themselves and their families against cyber attacks, which can lead to significant distress, identify theft, fraud and financial losses.

Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure, said: “Cyber criminality is here to stay and is an increasing plague on society – causing untold damage, while fuelling and funding international crime and global terrorism.

“Currently, there are millions of emails and passwords for sale on the dark web for miniscule amounts, waiting for cyber criminals to purchase.

“No one is immune from cyber attacks and it is vital people make themselves as hard to hack as possible. At a minimum, people should change their passwords at least once every three months as this will stop or prevent access to accounts if personal data has been breached.

“While this may seem like a faff, doing so is the single greatest defence a person can take towards protecting themselves against a cyber attack. Doing so will mitigate that gut-wrenching risk of discovering personal information or pictures have been stolen or your bank account or hard-earned savings have been cleared out.

“Using the same password across multiple accounts is also a major weak link. If one site is breached and someone’s credentials are exposed, their risk is amplified exponentially if they use that same password elsewhere.”

One in five respondents said they write their passwords down in a notebook or on a mobile application – rising to 24% of Baby Boomers – and almost a quarter of people (22%) admitted to choosing a password that relates back to them.

Almost three quarters (74%) of Gen Z do not ensure their passwords are complex by using a mix of uppercase and lowercase letters, numbers and special characters – while 15% said they let someone else know their passwords in case they forget.

Worryingly, despite infrequent password updates and reusing passwords across multiple sites, 74% of respondents claimed to be cyber security aware.

Mike said: “Poor password management is a root cause for many data breaches. However, the habit is more than likely as a result of poor personal discipline.

“Typically, people are unaware they are putting themselves at risk, which can be shown by almost three quarters of those surveyed believing they are cyber security aware – even though they are making mistakes that can have dangerous consequences.

“Using strong passwords is a critical cyber resilience practice. Doing so means cyber criminals are unlikely to gain unauthorised access to your account, which could enable them to change your privacy settings or gather information for social engineering purposes.

“People should also avoid using obvious personal information. Making your password a mix of information about you that is easily discoverable – such as your birthday, place of birth or pets’ names – only makes it easier to guess.

“As you shouldn’t be using the same password across multiple accounts, making a note of each one is good idea. However, these should only be either kept in an encrypted file or a credible password keeper. The tiny caveat is that you will still have to memorise a single master password to unlock all your other passwords.

“Finally, turn on two-factor authentication. This will enable you to know whether someone is trying to access your account and take appropriate action.

“If you knew that the keys to your home had been stolen or duplicated, you would change your locks. The same is true of passwords.”

Share this

Tags