Only 20% of UK public can identify a secure password
On World Password Day, the IET unveiled statistics that highlighted the predictability of the UK public’s passwords, making them susceptible to hackers and scammers.
Only one in five individuals in the UK can accurately distinguish a secure password from a compromised one, despite 65% expressing fear about potential hacking incidents in the future and 84% acknowledging that hackers are becoming more inventive, according to new research from the Institution of Engineering and Technology (IET).
20% of individuals admitted to using the same password across various websites and devices, while nearly half incorporate significant dates (21%) or a pet’s name (20%) into their passwords.
The IET is alerting the public to the dangers of easily accessible passwords, which can be cracked in less than one second, and is providing tips and insights to strengthen defences against cyber threats.
73% of the public believe that hackers are becoming more difficult to detect, with 41% confessing uncertainty about what steps to take if they were hacked. Despite not having been directly affected by cybercrime, 21% of people report receiving scam emails daily.
The findings also revealed that 38% of respondents think substituting letters with numbers, such as ‘p4$$w0rd’, enhances security. However, 45% believe this approach makes their passwords harder to guess, which is a misconception.
Cyber Security Expert and IET Fellow, Dr Junade Ali, is urging people to take action now: “In our evolving online world, having strong passwords is more important than ever as hackers are targeting multiple accounts of victims due to weak and predictable passwords.
“The IET’s research shows that 65% of people think passwords should never be written down, and 77% think changing passwords frequently makes them more secure, despite expert advice recommending otherwise.
“If you use the same password for every website and the password is breached from one site, all sites can be compromised without the attacker needing to try any other passwords - this is known as credential stuffing. However, there are some easy and simple ways to strengthen your defences against cyber threats.”
The IET’s research also revealed the public are worried about smart devices – 41% think they can be easily hacked and more than a third of people (39%) are worried about the risks of having lots of smart devices all connected in their homes. What’s more, only 42% of those surveyed have changed the default password which comes with the smart devices in their home.
Following the new law that came into effect this week that manufacturers must abide by in order to sell smart gadgets in the UK, Junade added: “The implementation of the Product Security and Telecommunications Infrastructure Regulations is an important aspect of protecting UK consumers and critical national infrastructure. It’s great to see the voluntary Code of Conduct containing these rules become binding legislation.
“Poor cybersecurity on smart devices is not just a risk to consumers themselves – who put smart devices in their homes and trust them to control key aspects of their lives – but it’s also a risk to critical national infrastructure, as we have seen a variety of large-scale attacks originate from these devices.
“The banning of default passwords in such a context will encourage the use of more secure practices like requiring users to set their own passwords or using alternative authentication schemes.”
The IET’s top tips to boost your security and keep hackers away:
- Use randomly generated, long, unique passwords for each website
- When it comes to passwords, longer is generally better
- Having a password created from three random words is more secure than having a short complex password
- Use a strong and separate password for your email account. If someone gains access to your email account, they can often reset passwords for other accounts
- Use a password manager to store your passwords and to alert you if they have been involved in a data breach
- Enable Two-Factor Authentication where possible
- Whether to the cloud or an external hard drive, back up important data
- Consider enabling the PIN code on the SIM card on your phone to protect your accounts if your phone is stolen
- Install the latest security updates for your device and avoid buying devices which are no longer supported by the manufacturer to get updates
- It's safer to use dedicated authenticator apps than to get Two-Factor Authentication codes over SMS text messages