Using the same password for everything?

27 February 2018

Why you face the increased risk of a cyber attack


Over half of young Britons aged 18-25 years are using the same password for online services according to a BBC report.

In the survey, more than 52% in this age group admitted to using the same password, making it easier for hackers to hi-jack accounts.  Reusing a password helps cyber-thieves, because following a data breach, they will try using login names and password combinations on many different online accounts in the hope of getting a hit.

The survey suggested that younger people were also most likely to use their email password on other accounts. Across the whole sample of respondents,  27% reported that they reused the key identifier that unlocked their email. This is dangerous, as if hackers get hold of this code they can use your email to access all of your personal information - by asking for a reset to your passwords for other accounts.

The survey found that while operators of large online email services try hard to protect login credentials, smaller firms are less prepared for hack attacks which can mean reused passwords go astray.

On average, the survey found people regularly used at least six other online accounts covering everything from social media to online shopping. Some said they had as many as 21 other accounts they logged into frequently.

About 79% of the 2,261 respondents (of all ages) admitted they had sent bank details or copies of passports and driving licences via messaging systems.

"Your email account is really a treasure trove of information that hackers won't hesitate to exploit," said Det Insp Mick Dodge, national cyber-protect co-ordinator with the City of London police in a statement..

"You wouldn't leave your door open for a burglar, so why give criminals an open invitation to your personal information?"

Passwords: Things to avoid:

  • Don't use passwords based on personal information such as: name, birth date, children’s/pets’ names, your car registration number, address etc. This includes using just part of your name, or part of your birth date
  • Never use a password based on your username, account name, computer name or email address
  • Don't just add a single digit or symbol before or after a word. e.g. "apple1"
  • Don't double up a single word, e.g. "appleapple"
  • Don't simply reverse a word e.g. "elppa"

      What to do:

  • Use at least eight characters
  • Use a random mixture of both upper and lower case characters, numbers, punctuation, spaces and symbols
  • Don't use a word found in a dictionary, English or foreign
  • Don’t use the same password twice
  • Choose a password that you can remember so that you don't need to keep looking it up and one that you can type quickly. This reduces the chance of somebody discovering your password by looking over your shoulder
  • Change your password regularly, e.g. once a month, but not so regularly that you have trouble keeping track or are tempted to simplify it
  • Change your password whenever you suspect that somebody knows it, that they may guess it, or if you are worried about someone stood behind you while you typed it in

 Protecting your password:

  • Never store your password on your computer except in an encrypted form.
  • Whenever windows on your computer prompts you to "Save password" - don't
  • Never send your password via email or any other unsecured channel
  • If you must write your password down, don't leave the paper lying around, keep it away from your computer and under lock and key
  • Never tell anyone your password.

Contact us for more information

<< Back to Latest News items