The high profile hacking of Yahoo passwords is just the recent in a long history of our passwords being exposed. By now we know we need different passwords for every service and site, and they all need to be impossible for a hacker to guess. Unfortunately, a new study has revealed that there's a major difference between knowing what we ought to be doing and actually doing it.
A new study, by Lottoland.co.uk found that the average Brit has used just one password for most of their online accounts for the past eight years. This password is used indiscriminately across everything from email to social media and online banking. This, of course, means that all a hacker has to do is breach the easiest site to beat, and they'll have access to everything.
The study found that the average Brit has 23 online accounts with a financial element. This highlights just how dangerous using the same password can be. However, it's also a major reason why we cannot come up with (and remember) different passwords for all of them.
Some 62% of people have only ever used one password, while 19% have two or three that they rotate across accounts, and just 2% had a different password for every single account for security purposes.
1. Favourite band (21%)
2. Pet names (16%)
3. Street names (11%)
4. Food and drink (7%)
5. Mother's maiden name (5%)
More than three quarters of people blamed a 'bad memory' as the reason for having such a limited number of passwords for online accounts.
Nigel Birrell, CEO of Lottoland.co.uk, commented: "We're all guilty of using the same password for more than one account. Not only is it much easier to remember that way, it also saves having to jot down a different word for each and every account. Having said that, the risks associated with using the same password across your social media, online banking and other personal accounts makes it that much easier for criminals and identity thieves to essentially hack into pretty much every aspect of your life. If you've had the same password for important accounts for a number of years, consider refreshing or updating them in order to protect yourself as much as you possibly can."
What can you do?
There are a couple of options. The first is to use a piece of software that automatically generates impossible-to-guess password for you, and then remembers them each time you visit a site.
Alternatively, you can come up with a unique password for each account, and write a clue down for yourself - stored away from the computer to make life a bit harder for burglars - so you can remember the password, but anyone looking at the same list of clues would have no idea.
Experts at Charter Savings Bank recommend picking a phrase, such as My favourite day of the year is the day after Christmas. Then take the first letter of each word (MFDOTYITDAC). Finally, switch letters for numbers that look the same, such as MFD0TY1TDAC. You would then need to write a clue, like 'Boxing Day', and keep it somewhere safe - with a note of the account or company that it relates to.
It's not foolproof, and for accounts you don't use regularly, there may be moments when you find yourself staring at the piece of paper thinking 'what did I mean by that?' But for accounts you use reasonably regularly, this should help you remember your password - without you having to fall back on the kinds of things that a hacker would be able to find easily just by browsing your social media accounts.