Security Breaches and Bad Habits; the UK’s Poor Password Practices Revealed

• Despite one in five adults in the UK being told that their password has been leaked in a data breach, they have still not taken the steps to update it
• The average person has 100 accounts that require a password, which cybersecurity experts believe should be changed every three months
• The average Brit changes just three of their passwords every quarter, either of their own accord or after being prompted
• Email passwords are the most commonly shared passwords, putting many at risk of personal details being stolen
• Ahead of World Password Day, Max Beckett, broadband expert at Uswitch.com, gives tips on improving your online security.

Despite one in five adults in the UK being informed that their password has been leaked in a data breach, they have still not taken the steps to update it, according to the Uswitch.com broadband study.

Thursday 4 May 2023 is World Password Day, and the broadband experts at Uswitch.com have surveyed the public on their online password security habits to identify which areas and age groups have built the safest accounts online – and which elements of internet safety the nation may be overlooking.

The average person has 100 accounts that require a password, which some cybersecurity experts believe should be changed every three months. 

Uswitch’s data reveals that the average UK adult changes a password just three times per quarter, either of their own accord or after being prompted. 

Younger generations are most likely to change their login details: 16-24 year olds change a password 3.2 times every three months, compared to 2.8 times for those aged 55+. 

One in five (19%) of Brits have never changed a password after a data breach. Despite their login being compromised, only 14% of over 55s changed their password following a breach, the least of any age group analysed.

Online banking account passwords are the most regularly changed, with a third (33%) of Brits changing these passwords more than any other. 

Max Beckett, Uswitch.com broadband expert, commented: “Whether the cause is regular prompting from banks, fear of hacking, memory loss or just diligent banking habits, it’s encouraging to see that, of all account types, Brits are changing their online banking password the most regularly. 

Also Read: Security Considerations and Challenges of DBaaS

“Protecting your hard earned cash is even more important during a cost of living crisis where every penny counts, so regularly changing your online banking password is a great routine to get into.”

East Midlands’ residents are most likely to change their login details, whether prompted by their bank or of their own accord, with two in five (40%) changing online banking passwords more than any other. That’s almost double those that often change their online banking passwords in London, with less than a quarter (23%) doing so.

Table 1: Which accounts do you change your password for most frequently? (Select up to three)[5]

Scots are also more likely to use the same passwords at work and in private, with 11% doing so, third only to residents of Wales (12%) and Greater London (14%). 

One in ten (9%) East Midland residents use the same password for all of their logins, the most of any region analysed and 3% more than the national average (7%).

Table 2: The age group most likely to share their passwords

Email logins are the most commonly given out. Of the quarter (26%) of Brits that have shared their passwords, 24% admitted to sharing their email login details, closely followed by logins for online shopping accounts (23%).

Max Beckett, broadband expert at Uswitch.com, selects his tips on boosting your online security:

“As online security improves, hackers have also adapted to new approaches in their attempts to compromise passwords and access accounts. However, there are still steps you can take to improve your security online:

• Use a password manager: With the average Brit having 100 passwords, it can be extremely difficult to keep track of all of your logins. Not only does a password manager securely remember these passwords for you, it also allows you to create longer, more unique passwords without the risk of forgetting them. Some password managers can also let you know if your passwords have been leaked, or if a site you’re using is unsafe.

• Strengthen your existing passwords: Passwords can be improved by adding a mix of uppercase and lowercase characters, including additional numbers and symbols (like !, ? and #). Additionally, make sure not to include personal information, like your street or names of family members, in a password that a hacker may be able to guess.

• Create longer passwords: Hackers have improved tools to guess passwords, so a good rule of thumb is the more characters there are in a password, the longer it will take to crack. It’s equally important to create different passwords for your accounts, to make sure that one exposed password doesn’t make all your logins vulnerable. 

• Change your password if it’s leaked: From time to time, you may be notified that your login details for an account have been compromised. If this happens, it’s important to change those passwords to keep your account secure, as well as any other accounts that might share the same leaked login details.

• Invest in a VPN or strong security software: If you’re using unprotected public Wi-Fi, then using a Virtual Private Network (VPN) or highly-reviewed internet security program can help to keep you secure by protecting your activity online. Accessing the internet via a VPN can prevent your session from being monitored, and limits the chances of your online presence being traced.”