Login
Start of main content

Your P4$$w0rd isn’t strong enough – only 20% of UK public can identify a secure password

  • A fifth of the public admit to using the same password on multiple sites and devices
  • As a new law came into effect this week imposing stricter rules for Manufacturers selling smart gadgets in the UK, a third of us are worried about the risks of having lots of smart devices connected in our homes, yet only 42% have changed the default passwords for these gadgets
  • IET Cyber Security Expert warns that easy to access passwords can be cracked in less than a second

Only one in five people in the UK can correctly identify a secure password over a compromised one, despite admitting they are scared about being hacked in the future (65%) and believe hackers are becoming more inventive (84%), new research from the Institution of Engineering and Technology (IET) reveals.

This World Password Day (Thursday 2 May 2024), the IET has released new stats showing how predictable the UK public’s passwords are to hackers and scammers.

A fifth of people are using the same password for multiple websites and devices, with almost half using a significant date (21%) or a pet’s name (20%) as the topic of their security.

With easy to access passwords being crackable in less than one second, the IET is raising awareness of our common password pitfalls and providing useful tips and insights to bolster our defences against cyber threats.

The public think hackers are becoming harder to detect (73%), with over a third of people admitting they wouldn’t know what to do if they’d been hacked (41%). Even those who haven’t been impacted by cybercrime, are being targeted regularly, with a fifth (21%) of people receiving a scam email every day.

Results show 38% of people believe replacing letters with numbers, e.g. p4$$w0rd is more secure when thinking about a password, with 45% thinking it makes them harder to guess, which is not the case.

Cyber Security Expert and IET Fellow, Dr Junade Ali, is urging people to take action now: “In our evolving online world, having strong passwords is more important than ever as hackers are targeting multiple accounts of victims due to weak and predictable passwords.

“The IET’s research shows that 65% of people think passwords should never be written down, and 77% think changing passwords frequently makes them more secure, despite expert advice recommending otherwise.  

“If you use the same password for every website and the password is breached from one site, all sites can be compromised without the attacker needing to try any other passwords - this is known as credential stuffing. However, there are some easy and simple ways to strengthen your defences against cyber threats.”

The IET’s research also revealed the public are worried about smart devices - 41% think they can be easily hacked and more than a third of people (39%) are worried about the risks of having lots of smart devices all connected in their homes. What’s more, only 42% of those surveyed have changed the default password which comes with the smart devices in their home.

Following the new law that came into effect this week that Manufacturers must abide by in order to sell smart gadgets in the UK, Junade added: “The implementation of the Product Security and Telecommunications Infrastructure Regulations is an important aspect of protecting UK consumers and critical national infrastructure. It’s great to see the voluntary Code of Conduct containing these rules become binding legislation.

“Poor cybersecurity on smart devices is not just a risk to consumers themselves – who put smart devices in their homes and trust them to control key aspects of their lives – but it’s also a risk to critical national infrastructure, as we have seen a variety of large-scale attacks originate from these devices.

“The banning of default passwords in such a context will encourage the use of more secure practices like requiring users to set their own passwords or using alternative authentication schemes.”

The IET’s top tips to boost your security and keep hackers away:

  1. Use randomly generated, long, unique passwords for each website.
  2. When it comes to passwords, longer is generally better.
  3. Having a password created from three random words is more secure than having a short complex password.
  4. Use a strong and separate password for your email account. If someone gains access to your email account, they can often reset passwords for other accounts.
  5. Use a password manager to store your passwords and to alert you if they have been involved in a data breach.
  6. Enable Two-Factor Authentication where possible.
  7. Whether to the cloud or an external hard drive, back up important data.
  8. Consider enabling the PIN code on the SIM card on your phone to protect your accounts if your phone is stolen.
  9. Install the latest security updates for your device and avoid buying devices which are no longer supported by the manufacturer to get updates.
  10. It's safer to use dedicated authenticator apps than to get Two-Factor Authentication codes over SMS text messages.

ENDS

Notes to Editors

The survey was carried out online by Opinion Matters on behalf of the Institution of Engineering and Technology (IET) throughout 18/04/2024 to 22/04/2024 amongst a panel resulting in 2,000 National Representative UK (aged 16+) responding.

All research conducted adheres to the MRS Codes of Conduct (2010) in the UK and ICC/ESOMAR World Research Guidelines. Opinion Matters is registered with the Information Commissioner's Office and is fully compliant with the Data Protection Act (1998).

List of statistics

Have you been impacted by cybercrime before?

Yes

26.75%

No

71.10%

Prefer not to say

2.15%

 

To what extent do you agree or disagree with the following statements?        

I am scared about being hacked in the future

  

Agree (net)

64.70%

Strongly agree

23.10%

Somewhat agree

41.60%

Neither agree nor disagree

25.35%

Somewhat disagree

7.55%

Strongly disagree

2.40%

Disagree (net)

9.95%

 

I don't think I will experience cybercrime in the future

  

Agree (net)

16.05%

Strongly agree

5.50%

Somewhat agree

10.55%

Neither agree nor disagree

44.10%

Somewhat disagree

27.45%

Strongly disagree

12.40%

Disagree (net)

39.85%

 

I think the threat of cybercrime is overexaggerated

  

Agree (net)

13.45%

Strongly agree

4.65%

Somewhat agree

8.80%

Neither agree nor disagree

20.60%

Somewhat disagree

37.20%

Strongly disagree

28.75%

Disagree (net)

65.95%

 

I don't mind if people have access to my personal data

  

Agree (net)

12.85%

Strongly agree

3.75%

Somewhat agree

9.10%

Neither agree nor disagree

18.70%

Somewhat disagree

25.20%

Strongly disagree

43.25%

Disagree (net)

68.45%

 

I wouldn't know what do if I had been hacked

  

Agree (net)

40.75%

Strongly agree

10.10%

Somewhat agree

30.65%

Neither agree nor disagree

27.85%

Somewhat disagree

23.30%

Strongly disagree

8.10%

Disagree (net)

31.40%

 

I have witnessed more cases of hacking this year than any other year

  

Agree (net)

33.95%

Strongly agree

12.05%

Somewhat agree

21.90%

Neither agree nor disagree

40.55%

Somewhat disagree

16.90%

Strongly disagree

8.60%

Disagree (net)

25.50%

 

I think hackers are becoming more inventive

  

Agree (net)

83.70%

Strongly agree

42.45%

Somewhat agree

41.25%

Neither agree nor disagree

13.00%

Somewhat disagree

1.75%

Strongly disagree

1.55%

Disagree (net)

3.30%

 

I think hackers are becoming harder to detect

  

Agree (net)

73.10%

Strongly agree

29.30%

Somewhat agree

43.80%

Neither agree nor disagree

20.95%

Somewhat disagree

3.95%

Strongly disagree

2.00%

Disagree (net)

5.95%

 

I know how to make a secure password

  

Agree (net)

78.30%

Strongly agree

34.35%

Somewhat agree

43.95%

Neither agree nor disagree

15.65%

Somewhat disagree

3.60%

Strongly disagree

2.45%

Disagree (net)

6.05%

 

I don't understand password authentication

  

Agree (net)

16.80%

Strongly agree

4.45%

Somewhat agree

12.35%

Neither agree nor disagree

21.30%

Somewhat disagree

35.45%

Strongly disagree

26.45%

Disagree (net)

61.90%

 

How often, if at all, do you receive a scam email?

Every day

21.15%

4-6 days a week

9.70%

2-3 days a week

17.95%

Once a week

14.25%

Once every 2 to 3 weeks

10.10%

Once a month

8.30%

Once every 2 months

3.30%

Once every 3 to 5 months

3.80%

Once every 6 months to 11 months

3.15%

Once a year

2.25%

Less than once a year, please specify in every X years

0.10%

Never

5.95%

 

You mentioned that you have been impacted by cybercrime in the past. Which of the following statements, if any, apply to you? (Tick all that apply)

Respondents who have been impacted by cybercrime in the past.

As a result of being hacked, I am much more vigilant about my personal security

59.63%

I didn't expect to be hacked

36.45%

On reflection, my passwords were too accessible

23.74%

As a result of being hacked, my behaviour has stayed the same

10.84%

I was hacked by someone I know

9.72%

None of the above

4.30%

Prefer not to say

0.75%

 

What, if anything, best describes what you do when you see a notification or message to say that your password has been compromised?

Action it straight away and change my passwords and/or enable two-factor authentication

46.20%

Ignore the message

21.30%

N/A – I have never received a notification or message saying my password has been compromised

17.60%

Make a note to change the passwords, but forget

8.55%

I do not do anything

4.40%

Other, please specify

1.95%

 

Thinking about passwords, which of the following, if any, do you have? (Tick all that apply)

Unique passwords for each website

38.95%

A password manager that keeps all passwords together

27.15%

A log of passwords on my phone/notes or written down somewhere else

26.25%

One strong password that is reused for each website

19.45%

None of the above

8.55%

 

You previously stated that you have unique passwords for each website. Approximately how many passwords do you have? If you are not sure, please provide your best guess.

Respondents who have unique passwords for each website.

2-4

10.27%

5-7

20.54%

8-10

21.57%

11-15

13.61%

16-20

12.20%

21-25

4.24%

26-30

13.35%

31+, please specify

4.24%

 

Which of the following, if either, do you think is more secure when thinking about a password?

Replacing letters with numbers e.g. p4$$w0rd

37.65%

Neither, they are both secure

25.65%

Just three random words together e.g. DeviceLunchSoothe

20.20%

Neither of them are secure

16.50%

 

You previously stated that you think replacing letters with numbers e.g., p4$$w0rd is more secure than just three random words together, when thinking about a password. Why, if for any reasons, is this the case? (Tick all that apply)

Respondents who think replacing letters with numbers e.g., p4$$w0rd is more secure than just three random words together, when thinking about a password.

Special characters are important

45.68%

Passwords like p4$$w0rd are hard to guess

44.75%

It complies with the password rules that websites make you follow

31.74%

Numbers are important to include for any password

30.68%

It is hard to hack

25.50%

I have had a similar password for years, without any issues

17.80%

There are no particular reasons why I think this

4.25%

Other, please specify

0.66%

 

Do you think the following statements are true or false?   

Changing a password frequently makes it more secure

  

True

77.10%

False

11.60%

Unsure

11.30%

 

It is safer to get two-factor authentication codes via text message than it is to generate them from a dedicated app.

  

True

61.80%

False

12.50%

Unsure

25.70%

 

Passwords should never be written down

  

True

65.00%

False

20.55%

Unsure

14.45%

 

It's safe to reuse passwords across multiple services

  

True

15.85%

False

67.55%

Unsure

16.60%

 

Websites can check if you've provided the right password when logging in, without them needing to store your password

  

True

47.95%

False

17.90%

Unsure

34.15%

 

Which of the following, if any, apply to you? (Tick all that apply)

I change my passwords regularly

35.45%

None of the above

17.75%

I can't change my passwords regularly because I forget them easily

17.70%

I'm always logged into my apps/accounts and can't remember the passwords

16.15%

I just change my password by one number every time

10.65%

I never think about password safety and the implications

9.40%

I am currently logged into someone else's account on one of my devices e.g., their email address/Netflix account/work emails

8.60%

My personal and work passwords are the same

7.60%

I have had the same password my whole adult life

7.40%

My password could be found in the text of a website or a book

7.20%

I never think I'll be hacked

7.05%

I share my passwords with my family

6.20%

 

Thinking about passwords, which of the following statements, if any, are true for you? (Tick all that apply)

None of the above

41.65%

I think my password(s) is elaborate

20.40%

My partner knows my passwords

16.45%

I know my partner's passwords

16.10%

My password is always one word

9.05%

I can guess my family's passwords

7.65%

Prefer not to say

6.05%

I know all my friend's passwords

4.80%

I have the same password as my parents

3.50%

 

What, if anything, describes the topics of your passwords? (Tick all that apply)

Prefer not to say

39.85%

Another significant date

12.80%

My pet's name

12.20%

Another significant person's name

11.75%

Other, please specify

11.65%

A word that can be found in a dictionary

8.80%

My child's name

8.50%

My football team

7.35%

My birthday

7.15%

My favourite book/film

6.15%

My favourite band/musical artist

6.00%

My favourite restaurant

4.55%

 

To what extent do you agree or disagree with the following statements?    

I would be happy if security was changed from passwords to facial recognition or fingerprint only

  

Agree (net)

51.25%

Strongly agree

20.75%

Somewhat agree

30.50%

Neither agree nor disagree

29.60%

Somewhat disagree

11.35%

Strongly disagree

7.80%

Disagree (net)

19.15%

 

Facial recognition is more secure than entering a password

  

Agree (net)

58.75%

Strongly agree

22.50%

Somewhat agree

36.25%

Neither agree nor disagree

29.00%

Somewhat disagree

8.05%

Strongly disagree

4.20%

Disagree (net)

12.25%

 

I'm worried about what would happen if someone stole my biometrics (e.g. fingerprint or facial scan) if these technologies replaced passwords

  

Agree (net)

58.85%

Strongly agree

22.65%

Somewhat agree

36.20%

Neither agree nor disagree

28.30%

Somewhat disagree

9.00%

Strongly disagree

3.85%

Disagree (net)

12.85%

 

I know about 'passkeys' as a potential replacement of passwords

  

Agree (net)

41.30%

Strongly agree

12.55%

Somewhat agree

28.75%

Neither agree nor disagree

32.00%

Somewhat disagree

18.70%

Strongly disagree

8.00%

Disagree (net)

26.70%

 

I feel confident in switching from using passwords to using 'passkeys'

  

Agree (net)

35.90%

Strongly agree

11.80%

Somewhat agree

24.10%

Neither agree nor disagree

42.35%

Somewhat disagree

15.50%

Strongly disagree

6.25%

Disagree (net)

21.75%

 

I'm happy to keep using passwords instead of 'passwordless' technologies

  

Agree (net)

52.85%

Strongly agree

18.85%

Somewhat agree

34.00%

Neither agree nor disagree

36.55%

Somewhat disagree

7.95%

Strongly disagree

2.65%

Disagree (net)

10.60%

 

To what extent do you agree or disagree with the following statements?   

I have changed the standard default password which comes with the smart devices in my home

  

Agree (net)

42.05%

Strongly agree

19.25%

Somewhat agree

22.80%

Neither agree nor disagree

26.85%

Somewhat disagree

7.80%

Strongly disagree

3.35%

Disagree (net)

11.15%

N/A

19.95%

 

I don't know how to update the passwords on the smart devices in my home

  

Agree (net)

18.90%

Strongly agree

5.15%

Somewhat agree

13.75%

Neither agree nor disagree

23.55%

Somewhat disagree

20.50%

Strongly disagree

19.00%

Disagree (net)

39.50%

N/A

18.05%

 

I think smart devices in the home can be easily hacked

  

Agree (net)

40.65%

Strongly agree

10.50%

Somewhat agree

30.15%

Neither agree nor disagree

38.40%

Somewhat disagree

8.60%

Strongly disagree

3.75%

Disagree (net)

12.35%

N/A

8.60%

 

I don't think smart devices in my home can be hacked

  

Agree (net)

9.85%

Strongly agree

2.80%

Somewhat agree

7.05%

Neither agree nor disagree

30.20%

Somewhat disagree

26.45%

Strongly disagree

20.40%

Disagree (net)

46.85%

N/A

13.10%

 

I am worried about the risks of having lots of smart devices all connected in my home

  

Agree (net)

39.40%

Strongly agree

12.55%

Somewhat agree

26.85%

Neither agree nor disagree

30.10%

Somewhat disagree

13.65%

Strongly disagree

5.25%

Disagree (net)

18.90%

N/A

11.60%

 

I don't know where to get advice on cyber security information regarding the smart devices in my home

  

Agree (net)

27.90%

Strongly agree

6.85%

Somewhat agree

21.05%

Neither agree nor disagree

31.35%

Somewhat disagree

18.95%

Strongly disagree

8.70%

Disagree (net)

27.65%

N/A

13.10%

 

About the IET

  • We inspire, inform and influence the global engineering community to engineer a better world.
  • We are a diverse home for engineering and technology intelligence throughout the world. This breadth and depth means we are uniquely placed to help the sector progress society.
  • We want to build the profile of engineering and technology to change outdated perceptions and tackle the skills gap. This includes encouraging more women to become engineers and growing the number of engineering apprentices.
  • Interview opportunities are available with our spokespeople from a range of engineering and technology disciplines including cyber-security, energy, engineering skills, innovation, manufacturing, technology, transport and diversity in engineering.
  • For more information, visit theiet.org
  • Follow the IET on X.

Media enquiries to:

Rebecca Gillick
External Communications Manager
E: rgillick@theiet.org

Sophie Lockyer
Senior Communications Executive
E: slockyer@theiet.org