Strengthening our digital defences against cybercriminals takes centre spotlight this World Password Day (Thursday 4 May), as the gateways to our digital identities come increasingly under attack.

When it comes to avoiding a password hack, how knowledge-equipped is the UK public and are the wider implications for businesses fully understood when it comes to password security?

In our independent survey* of 3,000 people, which set out to identify how many people practice good password safeguards, we found that 25% of respondents duplicate passwords for both work and personal use. But are these just the ones who admit it?

Gen-Z least safety conscious about passwords

The least safety conscious were Gen Z digital natives (18-24-year-olds) with almost 40% using the same passwords for both work and personal use.

At the other end of the scale, the boomer generation (55-64-year-olds) appear to be more cautious, with 89% claiming to never duplicate passwords.

Andrew Parsons, UK Partner and cyber security expert at Womble Bond Dickinson, said:

“In today’s rapidly digitising world, strong password practices are more critical than ever, providing a vital barrier to cybercriminals – particularly in the corporate world.

The damage which poor password practices can have for both businesses and individuals cannot be underestimated, and we are increasingly seeing a rise of attacks and breaches due to people innocently using the same security passwords both in and outside of work.”

Businesses should train employees on good password habits

 “What our survey demonstrates is that more needs to be done to train employees on good password habits and that this needs to happen more frequently. This is likely why we see greater security awareness amongst the boomer generation, as they are likely to have had had more time in the workplace and opportunities for training. Those recently out of education haven’t necessarily had the exposure or guidance a work environment might otherwise provide on cybersecurity matters.”

He continues:

“In today’s culture of working from home, particularly amongst younger age groups, there has never been a more critical time for companies and individuals to be fully clued up when it comes to password security. Knowledge is most definitely power when it comes to equipping people with the tools to deter a cyber-criminal.”

Password hacking has been used in major breaches

Looking at the global picture and how detrimental password hacking can be for an organisation; in March 2022, Microsoft suffered a cyberattack from Hafnium, a Chinese hacking group, affecting local government agencies and various businesses. Hafnium gained access in two ways, an undisclosed Exchange vulnerability and stolen passwords.

Proving that password hacking is nothing new; Dropbox suffered a breach in 2012 due to an employee reusing a password at work, and as a result, hackers stole 68 million user credentials and sold them online.

Andrew continues:

“Human error is a password hacker’s dream and, likewise, human behaviour plays a vital role in ensuring organisations and people are protected.

In an ever-increasingly digital world, businesses must follow specific guidance if they want to combat cyber threats. In addition to always keeping work and personal passwords separate, there are numerous steps organisations can take to protect their workforce and wider business. These include creating long and unique passwords for all accounts, never sharing passwords (in particular, via text or email), prompting staff to regularly change their passwords and turning on two-factor authentication for all important accounts.”

Andrew concludes:

“Ensuring everyone in your organisation has had regular training, as well as possessing a level of consciousness about their own password and overall digital security is key.

World Password Day is an ideal opportunity to raise awareness about an issue which impacts each and every one of us – whatever our job or role in society – so we encourage everyone to up the ante on their cybersecurity by updating weak passwords and, within business, training staff immediately on the importance of password safeguards.”

To learn more about cybersecurity risks and how a business can prevent and effectively handle cyberattacks, visit our dedicated page on Cyber Risks.

This article is for general information only and reflects the position at the date of publication. It does not constitute legal advice.