A recent study by the Institution of Engineering and Technology (IET) has highlighted concerning statistics about the UK public’s password security awareness. Despite a high level of concern about hacking, only 20% can identify a secure password. Many admit to reusing passwords across multiple sites, and fewer than half have changed default passwords on smart devices, even as new laws impose stricter rules for smart gadget manufacturers.

Dr. Junade Ali, an IET Cyber Security Expert, warns that predictable passwords can be cracked instantly, making multiple accounts vulnerable to credential stuffing. He emphasizes the importance of unique passwords and recommends against frequent changes unless necessary. 

The public is also apprehensive about the security of smart devices at home. A significant portion has not altered the default passwords, which poses a risk not only to personal security but also to national infrastructure.

To that end, last week the UK introduced pioneering laws to safeguard consumers and businesses from cyber threats by enforcing minimum security standards for internet-connected smart devices. The legislation, the Product Security and Telecommunications Infrastructure (PSTI) Act, is a global first and mandates that products such as smartphones, TVs, and smart doorbells are designed to withstand hacking attempts. Key measures include the prohibition of weak default passwords and the requirement for manufacturers to provide contact details for reporting security issues. The move aims to bolster the UK’s cyber resilience, as statistics reveal that 99% of adults own a smart device and households typically possess nine connected devices. The legislation is part of the broader £2.6 billion National Cyber Strategy and further reinforces the government’s commitment to online safety. The Office for Product Safety and Standards (OPSS) will oversee compliance, ensuring consumer trust in product security and fostering economic growth through confident digital consumption.

To combat these threats, the IET suggests using long, unique passwords, employing password managers, enabling two-factor authentication, and keeping devices updated. They also advise against relying on SMS for two-factor codes, preferring authenticator apps instead.

The survey, conducted by Opinion Matters, involved 2,000 UK residents and revealed a lack of understanding about password strength, with many falsely believing that frequent changes and complex substitutions enhance security.