New research from the Institution of Engineering and Technology (IET) reveals that only one in five people in the UK can correctly identify a secure password over a compromised one. Despite expressing fear about potential hacking incidents in the future (65%) and acknowledging the growing inventiveness of hackers (84%), many are still using predictable passwords.
On this World Password Day, the IET has released new statistics demonstrating how vulnerable the passwords of the UK public are to hackers and scammers.
A significant number of people (20%) admit to using the same password for multiple websites and devices. Nearly half of them (21%) resort to using a significant date or a pet’s name (20%) for password creation.
Given that easily accessible passwords can be cracked in less than one second, the IET is highlighting common password mistakes and offering valuable advice and insights to strengthen defences against cyber threats.
The public perceives hackers as increasingly difficult to detect (73%), with more than a third (41%) admitting they would not know how to respond if they were hacked. Even those who have not experienced cybercrime are frequently targeted, with one in five (21%) receiving scam emails daily.
38% of people believe that substituting letters with numbers (e.g., p4$$w0rd) makes passwords more secure, with 45% assuming it makes them harder to guess, which is not the case.
Cyber Security Expert and IET Fellow, Dr Junade Ali, is urging people to take action now: “In our evolving online world, having strong passwords is more important than ever as hackers are targeting multiple accounts of victims due to weak and predictable passwords.
“The IET’s research shows that 65% of people think passwords should never be written down, and 77% think changing passwords frequently makes them more secure, despite expert advice recommending otherwise.
“If you use the same password for every website and the password is breached from one site, all sites can be compromised without the attacker needing to try any other passwords – this is known as credential stuffing. However, there are some easy and simple ways to strengthen your defences against cyber threats.”
Additionally, the IET’s study uncovered concerns about smart devices, with 41% fearing they are susceptible to hacking. More than a third (39%) worry about the risks associated with numerous interconnected smart devices in their homes. Only 42% of respondents have changed the default passwords on their smart devices.
Following the new law that came into effect this week, which manufacturers must abide by in order to sell smart gadgets in the UK, Junade added: “The implementation of the Product Security and Telecommunications Infrastructure Regulations is an important aspect of protecting UK consumers and critical national infrastructure. It’s great to see the voluntary Code of Conduct containing these rules become binding legislation.
“Poor cybersecurity on smart devices is not just a risk to consumers themselves – who put smart devices in their homes and trust them to control key aspects of their lives – but it’s also a risk to critical national infrastructure, as we have seen a variety of large-scale attacks originate from these devices.
“The banning of default passwords in such a context will encourage the use of more secure practices like requiring users to set their own passwords or using alternative authentication schemes.”
IET’s top tips to help boost security are as follows:
- Use randomly generated, long, unique passwords for each website
- When it comes to passwords, longer is generally better
- Having a password created from three random words is more secure than having a short complex password
- Use a strong and separate password for your email account. If someone gains access to your email account, they can often reset passwords for other accounts
- Use a password manager to store your passwords and to alert you if they have been involved in a data breach
- Enable Two-Factor Authentication where possible
- Back up important data, whether to the cloud or an external hard drive
- Consider enabling the PIN code on the SIM card on your phone to protect your accounts if your phone is stolen
- Install the latest security updates for your device and avoid buying devices that the manufacturer no longer supports with updates
- It’s safer to use dedicated authenticator apps than to get Two-Factor Authentication codes over SMS text messages