Despite over 27 million Britons admitting they worry about losing money to online fraud, three-quarters (75%) of the nation could be putting their finances and savings at risk by using the same password for their online banking as other online accounts, increasing the risk of bank account fraud. Staggeringly, there are more than 40 billion records of personal information captured from consumers globally, according to cyber security experts, F-Secure.
The new study, which delves into Britons’ password habits, also found that one in 10 people have had their online banking hacked. Yet, in a strange twist of contradiction, almost 80% of people won’t change their passwords even when they’ve been notified that an account has been compromised.
The disconnect between worry and risk has been revealed in the latest research released today, which shows that lax password habits continue to be commonplace. When it comes to password hygiene more broadly, more than a third[1] still use the same password, or variations of it, for several protected accounts and Gen-Z are the worst creatures of habit with 41% keeping to the same password.
Security experts at F-Secure are urging the British public to improve their password habits this World Password Day (5th May) as cyber criminals exploit weak passwords for theft and identity fraud.
Further findings in the research, also revealed that since the pandemic, the number of online accounts Britons now have has almost doubled – going from 18 to 32. This growth is likely to have been accelerated by the pace of digitalisation over the past two years when many analogue services migrated online.
The research also revealed that rather than use a password manager that allows users to store, generate and manage their passwords, 42% of Britons say they simply memorise passwords, whilst a quarter keep a note of them online, on their phone or written down on paper.
Tom Gaffney, Principal Consultant at F-Secure comments: “There is a clear disconnect between the worries Britons have about cyber security versus their behaviour and attitudes to password management, likely because it’s perceived to be more convenient to have simple, easy to remember passwords. A fifth of account holders choose passwords that contain personal words or numbers. While this may make passwords easy to remember, choosing convenience over security makes passwords weak and predictable, allowing hackers to crack them in seconds. Reusing the same passwords across multiple services is dangerous even if other security mechanisms such as 2FA are in place. While 2FA adds an important layer of security, it still has its weaknesses.
“Cybercrime is a very serious and realistic threat that can have devastating consequences. There are millions of us openly exposing ourselves to the risk of fraud every day. While 36% are using unique passwords across all of their accounts there is room for improvement. We should all be using unique passwords. Many people don’t realise there are some quick and easy ways to improve password habits to close the security disconnect and mitigate risk. If you make one change this World Password Day, make sure your online banking passwords are completely unique, and use a combination of random letters, numbers and characters.”
To help Britons employ effective security measures, F-Secure’s team of cyber security experts have provided these top tips for password safety:
Avoid using consecutive letters that sit consecutively on a keyboard ‘dfghj’ or ‘qwerty’
Never use slang terms or common misspellings or words spelled backward, these can be accessed using software hackers are familiar with using.
Don’t use names of spouses, children, close relatives, pets or anyone else that feature on your social profiles. They can all be discovered with a little desk research.
Never use ‘123456’ – remember when 32 million passwords were exposed in a breach, almost 1% of victims were using that number sequence.
Set up a password manager to keep your details secure. Password managers encrypt your logins so they can only be accessed when you enter a master password and plain text passwords are never stored on any devices or on the password manager’s servers.
Avoid sharing passwords to accounts like Netflix or Spotify, especially if it is the same password you use for other services.