Blog Header

Over half of digital natives are reusing passwords

Over half of 18-25-year-olds reuse passwords for multiple services according to a new survey carried out to support Cyber Aware’s #OneReset campaign.

This statistic might not come at a huge surprise, as many consumers are guilty of this. Outside of TSG, I don’t know a whole lot of people who use a different password for each login they have. I’ve been guilty of it myself in the past.

What’s particularly worrying is its combination with this statistic:

79% of people send confidential and sensitive information like bank details and copies of passports or driving licences via “messaging services”.

A further 27% of young people reuse the password they use to login to their email account.

When you put these three headline stats together, it paints a worrying picture for our cyber security practises as a whole, but especially for the generation that we regard as ‘digital natives’; those who’ve grown up not knowing a world without technology and social media.

As someone who’s in this age bracket (but not for much longer…*sob*), I’m surprised that our personal cyber security standards are lacking. We’re the generation that helps our older relatives with their laptops and getting to grips with their new smartphones. I’ve helped friends and family wipe their machines of bizarre malware that they’ve unknowingly downloaded long before I entered the technology sector. I was never an expert, I was just…used to technology. I knew what to look out for.

We’re wise to phishing emails; I don’t know a single person around my age who’s fallen for a scam email, whether that’s clicking through to a fake login page or downloading a dodgy attachment. We know not to click on spammy-looking links from weird Twitter accounts. So why are we so lax when it comes to protecting our login credentials?

Take getting a job, for example. You’ll be required to send proof of identity and various financial documentation to the HR department in order to accept the role. Quite often, we don’t delete emails like that from our outboxes, so if a hacker gets their hands on our login credentials, it’s a potential treasure trove. As Detective Inspector Mick Dodge, National Cyber-Protect Co-ordinator of the City of London police puts it: “"Your email account is really a treasure trove of information that hackers won't hesitate to exploit.”

A 2016 Cyber Aware survey found that only a third of Britons follow password best practice by using three random words. Easy-to-crack passwords are still incredibly common too, with passwords like ‘123456’ ‘qwerty’ and ‘password’ still used by millions affected in data breaches. These statistics paint a bleak picture of the state of our personal cyber security.

What can I do about this?

This research has been released to coincide with Cyber Aware’s #OneReset day, which encourages consumers of all ages to reset their email passwords (at the very least) to something unique and difficult to crack.

Two-factor authentication (2FA) is also an essential security step that many services now offer; I use it to log into the TSG website, and into a myriad of email accounts. I use it to protect my personal Twitter account and TSG’s Twitter (say hello!) as well as personal and professional Facebook and LinkedIn accounts. 2FA offers an extra level of security on top of your password by allowing you to use something only you will have access to, like your phone or a browser authentication app. 2FA is so easy to turn on and offers an additional security layer that’s incredibly difficult to crack, yet only 10% of Gmail users have enabled it on their accounts.

There’s been a lot of discussions around password managers and their effectiveness in keeping all of your precious login credentials private. Leading providers including LastPass, Keeper and 1Password have all experienced security flaws in recent years, but cyber security experts agree that it’s the most secure way to manage multiple, complex logins. When it comes to choosing a password manager, Professor Alan Woodward of the University of Surrey recommends looking at reputable companies, checking out reviews and, if the organisation you’re looking at has experienced a security flaw, look at how they dealt with it.

And last, but definitely not least, don’t be the person who sets an easy-to-crack password. Make sure your password isn’t on this list of the worst passwords of 2017. Whilst it might be tempting to use the same base password and change up the numbers or characters at the end – or maybe replace all of the ‘a’s with ‘@’s – hackers are wise to this tactic and will use brute force attacks with passwords that use these interchangeable characters.

Both the government and TSG’s team of security experts recommend that you use a minimum of three random words together for a truly secure password; it’s significantly more secure than a shorter password with easily-guessed character changes like pa55w0rd.

We’re all at risk of hackers nowadays, as they get smarter, more sophisticated and more determined. Being a digital native doesn’t necessarily mean you’ve got cyber security nailed, but equally everyone should be listening to this advice.

Live Chat Software