- 55% of people use the same password for most - if not all - websites
- 26% use passwords that are easy to remember (such as birthdays and people's names)
- 47% have used the same password for over 5 years
- 80% of people have never changed their bank PIN
As we can see from these statistics carried out by Ofcom, we're putting our online security at risk and potentially opening ourselves up to online hacking by using easy to remember passwords, or the same password across different websites.
There are a few reasons that our account passwords can be compromised. It could be that someone launches a personal attack against you, or you become the victim of a brute-force attack, meaning that the hacker systematically checks all possible passphrases until the correct one is found. Or, there could be a data breach, often resulting in millions of users account information being compromised.
So what should we be doing to reduce this risk and ensure we keep our passwords in lock down?
Follow these top tips to boost your password security:
- Choose a strong and unique password - Aim for a minimum of 8 characters with numbers, letters and punctuation.
- Don't use obvious passwords - Such as, 1234, 4321, qwerty, password, password123, etc. Avoid using anything which can be obtained from social media accounts - for example, family names, pets, place of birth, school, favourite holiday, or something related to your sports team or hobby.
- Keep passwords safe - Don't write them down, share them with anyone else or use the same one across multiple sites.
- Change your password regularly - Especially if you think someone else knows it.
- #thinkrandom - The Government's cyber security campaign encourages us to use three completely random words (e.g. dogmoonpurple) and break them up with numbers and characters (e.g. D0gm00npu4p!e).
- Use a random password generator - Or create a string of completely meaningless letters and symbols. One way of doing this is to take a random sentence or line from a song/poem, use the first letter of each word, and then add punctuation and numbers to mix it up.
- Use password management software (password vault) - Such as Dashlane, 1Password, KeePass, or Lastpass - to store all your passwords behind one master password.
- For added security, use 2-step factor authentication - If someone logs in from an unrecognised device, you're sent a code (by text or email) which you have to enter to verify it's really you.