Most people reuse the same three awful passwords - here's why that's a problem

(Image credit: italii Vodolazskyi / Shutterstock)

A survey of UK citizens has revealed a range of poor cybersecurity practices that could expose both personal and corporate data.

According to TheHackShield, people often reuse the same password across multiple services, create passwords that are relatively easy to guess with a little social engineering, and will wait for years before updating account credentials.

The cybersecurity firm recently polled 2,200 UK adults and discovered that two-thirds of people use just three passwords across all their online accounts, of which there are usually about 50. Almost half of the respondents (48%) use the same password for both personal and professional services.

Drilling deeper into their most popular choices, street names (20%), pet names (15%) and special dates (14%) were the most common passwords - all of which can be obtained relatively easily via social engineering.

Only 5% of people regularly update the passwords on their key accounts, in order to remain secure. The rest take seven years on average to change a password and, when they do it, it’s often due to “clear signs of hacking”.

Even when they are warned about poor cybersecurity hygiene, most people don’t do much about it. The majority (71%) of iPhone owners ignore alerts designed to notify the user if a password has been compromised in a data breach.

Keeping old passwords is risky

Although convenience likely factors into this behavior, the report found that most (51%) are afraid they will forget new passwords, while some (29%) said they couldn’t think of anything secure enough.

Commenting on the report, Nikhil S. Mahadeshwar, co-founder and CTO at Skynet Softtech, explained why it’s essential to regularly update passwords:

“Changing your password regularly is vital to staying safe online. Changing your password once a month will help to dramatically reduce your chances of becoming a victim of hacking," he said.

"You can also use two-step authentication and RSA hardware token, which looks like a flash drive to safeguard your password.  Whenever you get a notification or alert to change your password, do so immediately, otherwise, your valuable information could fall into the wrong hands.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.