Happy 'World Password Day'! These worrying stats show just how bad our password habits still are

Today is "World Password Day" and cyber security experts all across the globe will be tutting their heads at how bad our password habits still are.

Even though there seems to be a devastating hack every other week these days, many of us still don't put much thought into protecting our online accounts.

Research provided to Mirror Tech from Avast software suggests that almost half of Brits (47%) have either never changed the password to their email account since setting it up, or have only done so when forgetting or in response to a hack.

The software company surveyed 2,002 customers and found that 43% used a mix of symbols, numbers, lowercase and uppercase letters when creating their passwords.

Some experts have even suggested we need to move beyond passwords and look at two-factor authentication. This is where you're asked to provide an additional code from another source - such as a trusted phone number.

"Over the years we have been training people to create passwords that are hard for humans to remember, but easy for computers to guess," explained Paul Norris, a senior systems engineer for EMEA at Tripwire .

"Password managers make it easier to create and store complex passwords which a human never has to remember, all the individual needs to remember is the master password that unlocks the password vault – so potentially a single point of failure if this is compromised or you lost or forgotten the password.

Video Loading

Video Unavailable

Click to play Tap to play

The video will auto-play soon8Cancel

Play now

"Two-factor authentication adds a layer of security – it introduces the ‘something you have and something you know’.

"For example, you log in with a passphrase and then you generate a one-time code from a secured device such as a smart card, token or an application on your smartphone. Effectively, this brings stronger security as the password is changing at a high rate."

Even if you're not going to bother with two-factor identification, Avast has provided a handy "check and change" list that may help you stay up to date with your security creds. It is World Password Day, after all.

Check

1. Your router – it is the gateway to all of your connected devices and could compromise them if the password isn’t secure. If an online service you have been using was breached in the past, there is a chance that the password is no longer secure, so make sure to change your passwords for all connected devices.
2. Your software updates are applied. Ensure all devices connected to your home networks are updated as needed when software patches are issued. This includes webcams, connected toys and smart TVs.
3. You have an up to date antivirus solution installed. This will detect and block malware like ransomware before it causes any damage. It will also detect and remove threats like keylogging malware which would track any newpasswords you create. . These threats need to be picked up through regular scans from antivirus software to help protect your device.
4. Your passwords are hard to crack. Pick a memorable phrase or series of words and tweak to add special characters to create unique and complex passwords that include numbers, characters and symbols. Avoid simple and memorable combinations such as using your name, “password” or “1234”.

Change

1. Your patch and updating habits! Many devices, like PCs and mobile, can run updates overnight so there is no excuse to ‘snooze’ the updates until a more convenient time. Often updates include fixes to vulnerabilities, so not installing them can lead to holes in your security that criminals will take advantage of. According to our research currently only 37% of people run a mobile update immediately.
2. Your passwords regularly for all devices and accounts. Many people don’t realise that changing their passwords regularly could help prevent the most common security issues, such as cyber fraud, online data and identification theft, and hacking.
3. How you save your passwords. Don’t save passwords on your browser. If your computer is hacked, then cyber criminals can find your passwords in the browser and use them to access your online accounts. Use a password manager that helps create strong passwords for all of your accounts and securely stores them behind a master password. When unlocked, and the accompanying browser add-on has been installed, the password manager tool will autofill your login information whenever you want to access your protected accounts.
4. Your secure log-on process and use two-step authentication for logging in to websites if you don’t already. For example, you can choose to have your mobile phone as a second security level, so that it receives a code you have to enter to verify your login credentials. This extra step makes it very difficult for someone to access your account.