Published: Thu 2 May 2024
Your P4$$w0rd isn’t strong enough – only 20% of UK public can identify a secure password
- A fifth of the public admit to using the same password on multiple sites and devices
- As a new law came into effect this week imposing stricter rules for manufacturers selling smart gadgets in the UK, a third of us are worried about the risks of having lots of smart devices connected in our homes, yet only 42% have changed the default passwords for these gadgets
- IET Cyber Security Expert warns that easy-to-access passwords can be cracked in less than a second
Only one in five people in the UK can correctly identify a secure password over a compromised one, despite admitting they are scared about being hacked in the future (65%) and believe hackers are becoming more inventive (84%), new research from the Institution of Engineering and Technology (IET) reveals.
This World Password Day (Thursday 2 May 2024), the IET has released new stats showing how predictable the UK public’s passwords are to hackers and scammers.
A fifth of people are using the same password for multiple websites and devices, with almost half using a significant date (21%) or a pet’s name (20%) as the topic of their security.
With easy-to-access passwords being crackable in less than one second, the IET is raising awareness of our common password pitfalls and providing useful tips and insights to bolster our defences against cyber threats.
The public think hackers are becoming harder to detect (73%), with over a third of people admitting they wouldn’t know what to do if they’d been hacked (41%). Even those who haven’t been impacted by cybercrime are being targeted regularly, with a fifth (21%) of people receiving a scam email every day.
Results show 38% of people believe replacing letters with numbers (e.g. p4$$w0rd) is more secure when thinking about a password, with 45% thinking it makes them harder to guess, which is not the case.
Cyber Security Expert and IET Fellow, Dr Junade Ali, is urging people to take action now: “In our evolving online world, having strong passwords is more important than ever as hackers are targeting multiple accounts of victims due to weak and predictable passwords.
“The IET’s research shows that 65% of people think passwords should never be written down, and 77% think changing passwords frequently makes them more secure, despite expert advice recommending otherwise.
“If you use the same password for every website and the password is breached from one site, all sites can be compromised without the attacker needing to try any other passwords - this is known as credential stuffing. However, there are some easy and simple ways to strengthen your defences against cyber threats.”
The IET’s research also revealed the public are worried about smart devices - 41% think they can be easily hacked and more than a third of people (39%) are worried about the risks of having lots of smart devices all connected in their homes. What’s more, only 42% of those surveyed have changed the default password which comes with the smart devices in their home.
Following the new law that came into effect this week that manufacturers must abide by in order to sell smart gadgets in the UK, Junade added: “The implementation of the Product Security and Telecommunications Infrastructure Regulations is an important aspect of protecting UK consumers and critical national infrastructure. It’s great to see the voluntary Code of Conduct containing these rules become binding legislation.
“Poor cybersecurity on smart devices is not just a risk to consumers themselves – who put smart devices in their homes and trust them to control key aspects of their lives – but it’s also a risk to critical national infrastructure, as we have seen a variety of large-scale attacks originate from these devices.
“The banning of default passwords in such a context will encourage the use of more secure practices like requiring users to set their own passwords or using alternative authentication schemes.”
The IET’s top tips to boost your security and keep hackers away:
- Use randomly generated, long, unique passwords for each website.
- When it comes to passwords, longer is generally better.
- Having a password created from three random words is more secure than having a short complex password.
- Use a strong and separate password for your email account. If someone gains access to your email account, they can often reset passwords for other accounts.
- Use a password manager to store your passwords and to alert you if they have been involved in a data breach.
- Enable Two-Factor Authentication where possible.
- Whether to the cloud or an external hard drive, back up important data.
- Consider enabling the PIN code on the SIM card on your phone to protect your accounts if your phone is stolen.
- Install the latest security updates for your device and avoid buying devices which are no longer supported by the manufacturer to get updates.
- It's safer to use dedicated authenticator apps than to get Two-Factor Authentication codes over SMS text messages.
ENDS
Notes to Editors
The survey was carried out online by Opinion Matters on behalf of the Institution of Engineering and Technology (IET) between 18/04/2024 and 22/04/2024 among a panel, resulting in 2,000 nationally representative UK respondents (aged 16+).
All research conducted adheres to the MRS Codes of Conduct (2010) in the UK and ICC/ESOMAR World Research Guidelines. Opinion Matters is registered with the Information Commissioner's Office and is fully compliant with the Data Protection Act (1998).
List of statistics
Have you been impacted by cybercrime before?
| Response | Percentage |
| --- | --- |
| Yes | 26.75% |
| No | 71.10% |
| Prefer not to say | 2.15% |
To what extent do you agree or disagree with the following statements?
| Statement | Agree (net) | Strongly agree | Somewhat agree | Neither agree nor disagree | Somewhat disagree | Strongly disagree | Disagree (net) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| I am scared about being hacked in the future | 64.70% | 23.10% | 41.60% | 25.35% | 7.55% | 2.40% | 9.95% |
| I don't think I will experience cybercrime in the future | 16.05% | 5.50% | 10.55% | 44.10% | 27.45% | 12.40% | 39.85% |
| I think the threat of cybercrime is overexaggerated | 13.45% | 4.65% | 8.80% | 20.60% | 37.20% | 28.75% | 65.95% |
| I don't mind if people have access to my personal data | 12.85% | 3.75% | 9.10% | 18.70% | 25.20% | 43.25% | 68.45% |
| I wouldn't know what to do if I had been hacked | 40.75% | 10.10% | 30.65% | 27.85% | 23.30% | 8.10% | 31.40% |
| I have witnessed more cases of hacking this year than any other year | 33.95% | 12.05% | 21.90% | 40.55% | 16.90% | 8.60% | 25.50% |
| I think hackers are becoming more inventive | 83.70% | 42.45% | 41.25% | 13.00% | 1.75% | 1.55% | 3.30% |
| I think hackers are becoming harder to detect | 73.10% | 29.30% | 43.80% | 20.95% | 3.95% | 2.00% | 5.95% |
| I know how to make a secure password | 78.30% | 34.35% | 43.95% | 15.65% | 3.60% | 2.45% | 6.05% |
| I don't understand password authentication | 16.80% | 4.45% | 12.35% | 21.30% | 35.45% | 26.45% | 61.90% |
How often, if at all, do you receive a scam email?
| Response | Percentage |
| --- | --- |
| Every day | 21.15% |
| 4-6 days a week | 9.70% |
| 2-3 days a week | 17.95% |
| Once a week | 14.25% |
| Once every 2 to 3 weeks | 10.10% |
| Once a month | 8.30% |
| Once every 2 months | 3.30% |
| Once every 3 to 5 months | 3.80% |
| Once every 6 months to 11 months | 3.15% |
| Once a year | 2.25% |
| Less than once a year, please specify in every X years | 0.10% |
| Never | 5.95% |
You mentioned that you have been impacted by cybercrime in the past. Which of the following statements, if any, apply to you? (Tick all that apply)
Respondents who have been impacted by cybercrime in the past.
| Response | Percentage |
| --- | --- |
| As a result of being hacked, I am much more vigilant about my personal security | 59.63% |
| I didn't expect to be hacked | 36.45% |
| On reflection, my passwords were too accessible | 23.74% |
| As a result of being hacked, my behaviour has stayed the same | 10.84% |
| I was hacked by someone I know | 9.72% |
| None of the above | 4.30% |
| Prefer not to say | 0.75% |
What, if anything, best describes what you do when you see a notification or message to say that your password has been compromised?
| Response | Percentage |
| --- | --- |
| Action it straight away and change my passwords and/or enable two-factor authentication | 46.20% |
| Ignore the message | 21.30% |
| N/A – I have never received a notification or message saying my password has been compromised | 17.60% |
| Make a note to change the passwords, but forget | 8.55% |
| I do not do anything | 4.40% |
| Other, please specify | 1.95% |
Thinking about passwords, which of the following, if any, do you have? (Tick all that apply)
| Response | Percentage |
| --- | --- |
| Unique passwords for each website | 38.95% |
| A password manager that keeps all passwords together | 27.15% |
| A log of passwords on my phone/notes or written down somewhere else | 26.25% |
| One strong password that is reused for each website | 19.45% |
| None of the above | 8.55% |
You previously stated that you have unique passwords for each website. Approximately how many passwords do you have? If you are not sure, please provide your best guess.
Respondents who have unique passwords for each website.
| Number of passwords | Percentage |
| --- | --- |
| 2-4 | 10.27% |
| 5-7 | 20.54% |
| 8-10 | 21.57% |
| 11-15 | 13.61% |
| 16-20 | 12.20% |
| 21-25 | 4.24% |
| 26-30 | 13.35% |
| 31+, please specify | 4.24% |
Which of the following, if either, do you think is more secure when thinking about a password?
| Response | Percentage |
| --- | --- |
| Replacing letters with numbers e.g. p4$$w0rd | 37.65% |
| Neither, they are both secure | 25.65% |
| Just three random words together e.g. DeviceLunchSoothe | 20.20% |
| Neither of them are secure | 16.50% |
You previously stated that you think replacing letters with numbers e.g., p4$$w0rd is more secure than just three random words together, when thinking about a password. Why, if for any reasons, is this the case? (Tick all that apply)
Respondents who think replacing letters with numbers e.g., p4$$w0rd is more secure than just three random words together, when thinking about a password.
| Response | Percentage |
| --- | --- |
| Special characters are important | 45.68% |
| Passwords like p4$$w0rd are hard to guess | 44.75% |
| It complies with the password rules that websites make you follow | 31.74% |
| Numbers are important to include for any password | 30.68% |
| It is hard to hack | 25.50% |
| I have had a similar password for years, without any issues | 17.80% |
| There are no particular reasons why I think this | 4.25% |
| Other, please specify | 0.66% |
Do you think the following statements are true or false?
| Statement | True | False | Unsure |
| --- | --- | --- | --- |
| Changing a password frequently makes it more secure | 77.10% | 11.60% | 11.30% |
| It is safer to get two-factor authentication codes via text message than it is to generate them from a dedicated app. | 61.80% | 12.50% | 25.70% |
| Passwords should never be written down | 65.00% | 20.55% | 14.45% |
| It's safe to reuse passwords across multiple services | 15.85% | 67.55% | 16.60% |
| Websites can check if you've provided the right password when logging in, without them needing to store your password | 47.95% | 17.90% | 34.15% |
Which of the following, if any, apply to you? (Tick all that apply)
| Response | Percentage |
| --- | --- |
| I change my passwords regularly | 35.45% |
| None of the above | 17.75% |
| I can't change my passwords regularly because I forget them easily | 17.70% |
| I'm always logged into my apps/accounts and can't remember the passwords | 16.15% |
| I just change my password by one number every time | 10.65% |
| I never think about password safety and the implications | 9.40% |
| I am currently logged into someone else's account on one of my devices e.g., their email address/Netflix account/work emails | 8.60% |
| My personal and work passwords are the same | 7.60% |
| I have had the same password my whole adult life | 7.40% |
| My password could be found in the text of a website or a book | 7.20% |
| I never think I'll be hacked | 7.05% |
| I share my passwords with my family | 6.20% |
Thinking about passwords, which of the following statements, if any, are true for you? (Tick all that apply)
| Response | Percentage |
| --- | --- |
| None of the above | 41.65% |
| I think my password(s) is elaborate | 20.40% |
| My partner knows my passwords | 16.45% |
| I know my partner's passwords | 16.10% |
| My password is always one word | 9.05% |
| I can guess my family's passwords | 7.65% |
| Prefer not to say | 6.05% |
| I know all my friend's passwords | 4.80% |
| I have the same password as my parents | 3.50% |
What, if anything, describes the topics of your passwords? (Tick all that apply)
| Response | Percentage |
| --- | --- |
| Prefer not to say | 39.85% |
| Another significant date | 12.80% |
| My pet's name | 12.20% |
| Another significant person's name | 11.75% |
| Other, please specify | 11.65% |
| A word that can be found in a dictionary | 8.80% |
| My child's name | 8.50% |
| My football team | 7.35% |
| My birthday | 7.15% |
| My favourite book/film | 6.15% |
| My favourite band/musical artist | 6.00% |
| My favourite restaurant | 4.55% |
To what extent do you agree or disagree with the following statements?
| Statement | Agree (net) | Strongly agree | Somewhat agree | Neither agree nor disagree | Somewhat disagree | Strongly disagree | Disagree (net) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| I would be happy if security was changed from passwords to facial recognition or fingerprint only | 51.25% | 20.75% | 30.50% | 29.60% | 11.35% | 7.80% | 19.15% |
| Facial recognition is more secure than entering a password | 58.75% | 22.50% | 36.25% | 29.00% | 8.05% | 4.20% | 12.25% |
| I'm worried about what would happen if someone stole my biometrics (e.g. fingerprint or facial scan) if these technologies replaced passwords | 58.85% | 22.65% | 36.20% | 28.30% | 9.00% | 3.85% | 12.85% |
| I know about 'passkeys' as a potential replacement of passwords | 41.30% | 12.55% | 28.75% | 32.00% | 18.70% | 8.00% | 26.70% |
| I feel confident in switching from using passwords to using 'passkeys' | 35.90% | 11.80% | 24.10% | 42.35% | 15.50% | 6.25% | 21.75% |
| I'm happy to keep using passwords instead of 'passwordless' technologies | 52.85% | 18.85% | 34.00% | 36.55% | 7.95% | 2.65% | 10.60% |
To what extent do you agree or disagree with the following statements?
| Statement | Agree (net) | Strongly agree | Somewhat agree | Neither agree nor disagree | Somewhat disagree | Strongly disagree | Disagree (net) | N/A |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| I have changed the standard default password which comes with the smart devices in my home | 42.05% | 19.25% | 22.80% | 26.85% | 7.80% | 3.35% | 11.15% | 19.95% |
| I don't know how to update the passwords on the smart devices in my home | 18.90% | 5.15% | 13.75% | 23.55% | 20.50% | 19.00% | 39.50% | 18.05% |
| I think smart devices in the home can be easily hacked | 40.65% | 10.50% | 30.15% | 38.40% | 8.60% | 3.75% | 12.35% | 8.60% |
| I don't think smart devices in my home can be hacked | 9.85% | 2.80% | 7.05% | 30.20% | 26.45% | 20.40% | 46.85% | 13.10% |
| I am worried about the risks of having lots of smart devices all connected in my home | 39.40% | 12.55% | 26.85% | 30.10% | 13.65% | 5.25% | 18.90% | 11.60% |
| I don't know where to get advice on cyber security information regarding the smart devices in my home | 27.90% | 6.85% | 21.05% | 31.35% | 18.95% | 8.70% | 27.65% | 13.10% |
About the IET
- We inspire, inform and influence the global engineering community to engineer a better world.
- We are a diverse home for engineering and technology intelligence throughout the world. This breadth and depth means we are uniquely placed to help the sector progress society.
- We want to build the profile of engineering and technology to change outdated perceptions and tackle the skills gap. This includes encouraging more women to become engineers and growing the number of engineering apprentices.
- Interview opportunities are available with our spokespeople from a range of engineering and technology disciplines including cyber-security, energy, engineering skills, innovation, manufacturing, technology, transport and diversity in engineering.
- For more information, visit theiet.org
- Follow the IET on X.
Media enquiries to:
Rebecca Gillick
External Communications Manager
E: rgillick@theiet.org
Sophie Lockyer
Senior Communications Executive
E: slockyer@theiet.org