UK Password Security & Cyber Risk Snapshot

Many people in the UK and around the world use the same password for all their accounts, or even share passwords with family, friends and colleagues. How many people know your Netflix password compared to your online banking password? Here are some facts and figures to help you rethink your password and cyber security.

1. Public Awareness & Habits Are Worryingly Weak

  • A survey by Virgin Media O2 and ethical hacker Brandyn Murtagh found over 60% of UK adults use basic passwords such as “password,” “123456,” or pet/child names. These weak passwords have been cracked in under three minutes using publicly available breach data.
  • According to the Institution of Engineering and Technology (IET), only 20% of the public can identify a secure password, while one in five reuse the same password across multiple sites. Almost half admitted to using significant dates (21%) or pet names (20%) in their passwords.

2. Business Vulnerability Is High

  • A CybSafe study highlighted that 74% of UK businesses had staff using vulnerable passwords – either weak or previously exposed in data breaches.
  • 69% of UK small businesses use weak passwords to access important documents and internal systems.
  • Until 2024, around 28% of UK businesses had no formal password policy.
  • According to UK Government data, the average cost of a cyberattack on a business in 2024 was £10,830.

3. Authentication Failures & Breaches

  • A staggering 80% of breaches are rooted in stolen or weak credentials – and 85% involve a human element, like phishing.
  • Credential stuffing, which leverages reused credentials from breaches, remains highly effective. Globally, 81% of users reuse passwords, and reused credentials have a small but significant success rate – up to 2% – in breaching accounts.
  • In UK SMEs, 53–65% of people reuse passwords, often across 14 accounts.
  • 54% of these small businesses are not using Multi-Factor Authentication (MFA), despite MFA stopping over 99.9% of automated cyberattacks.

4. Password Cracking Tools

  • Tools like passwordslab.vercel.app let you type in a password and give you an estimate of how long it would take a modern computer (or attacker) to crack it.

5. How Password Cracking Time Calculators Work

  • They typically estimate cracking time from:
    • Password length
    • Character variety (lowercase, uppercase, numbers, special characters)
    • Assumed attack power (e.g. billions of guesses per second with modern GPUs)
  • For example:
    • password → cracked instantly
    • P@ssword → maybe a few hours or days
    • L0ng&Rand0m!Phrase2025 → could take thousands of years
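
The sketch below is an added example, not the code behind passwordslab or any other tool, showing how the three inputs listed above combine into an estimate. The guess rate of 10 billion per second, the four-entry common-password list and the flat allowance for other characters are assumptions chosen for illustration.

```python
import string

GUESSES_PER_SECOND = 10_000_000_000  # assumed attacker speed: 10 billion guesses/s
# Constructed sample; a real checker would consult a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

def charset_size(password):
    """Size of the character pool implied by the kinds of character used."""
    pools = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
    )
    size = sum(n for chars, n in pools if any(c in chars for c in password))
    known = "".join(chars for chars, _ in pools)
    if any(c not in known for c in password):
        size += 100  # assumption: flat allowance for spaces and non-ASCII characters
    return size

def seconds_to_crack(password, rate=GUESSES_PER_SECOND):
    """Average brute-force time: half the keyspace divided by the guess rate."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # found on the first pass of a dictionary attack
    keyspace = charset_size(password) ** len(password)
    try:
        return keyspace / 2 / rate
    except OverflowError:
        return float("inf")  # beyond float range: effectively never

def describe(seconds):
    """Render a duration in the largest unit that fits."""
    if seconds < 1:
        return "instantly"
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for name, length in units:
        if seconds >= length:
            return f"{seconds / length:,.1f} {name}"
    return f"{seconds:.0f} seconds"

if __name__ == "__main__":
    for pw in ("password", "P@ssword", "L0ng&Rand0m!Phrase2025"):
        print(f"{pw!r}: {describe(seconds_to_crack(pw))}")
```

Treat the result as an upper bound: "P@ssword" is a common substitution on a dictionary word, which rule-based guessing tries long before an exhaustive search would reach it.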

 

6. Why Tools Like Passwordslab Are Useful

  • Awareness → Shows how dangerously weak short or common passwords are
  • Education → Helps people understand why length + complexity + uniqueness matter
  • Behaviour Change → Encourages adoption of strong passphrases and password managers

Best Practices

  • Use a passphrase (3-5 random words strung together with symbols/numbers)
  • Never reuse passwords across accounts
  • Always enable multi-factor authentication (MFA)
  • For organisations: enforce password policies and monitor for breaches
  • Minimum 14-18 characters for personal security