Do you use the same password for every website?

Despite high-profile security breaches such as Jack Straw’s Hotmail account being compromised, and cybercriminals gaining access to celebrity Twitter accounts after cracking an administrator password, a third of computer users are still using the same password for every website they access, according to newly revealed stats* from Sophos.

Password chart

Very few computer users seem to have woken up to the risks of using weak passwords and the same ones for every site they visit. With social networking and other internet accounts now even more popular, there’s plenty on offer for hackers, and by using the same password to access Facebook, Amazon and your online bank account, you’re making it much easier for them.

Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.

Furthermore, it’s important that users don’t use a word from the dictionary as their password. It’s easy to understand why computer users pick dictionary words, as they’re much easier to remember, but as I explain in this video, a good trick is to pick a sentence and just use the first letter of every word to make up your password.

Video: http://www.youtube.com/watch?v=VYzguTdOmmU

My advice to all computer users is to ensure they don’t use dictionary words as passwords, as it is relatively easy for hackers to figure these out using electronic dictionaries that simply try out every word until they get the right one.

Furthermore, it’s important not to choose common passwords like ‘admin’ or ‘1234’ as cybercriminals also check these first. In fact, the Conficker worm uses a list of 200 common passwords to try and gain access to other computers on the network, meaning that if one employee is infected, the whole corporate network could quickly be compromised if strong passwords are not enforced.
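As an added example (not from the original post), here is a small local audit of your own account list that flags the three habits discussed above: the same password on several sites, dictionary words, and common passwords like ‘admin’ or ‘1234’. It also builds a password with the first-letter sentence trick. The word lists, site names, sample sentence and function names are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lists; a real audit would load a full wordlist and a
# much larger common-password list from files.
COMMON_PASSWORDS = {"admin", "1234", "password", "letmein", "qwerty"}
DICTIONARY_WORDS = {"sunshine", "dragon", "monkey", "football", "welcome"}

def mnemonic_password(sentence):
    """The sentence trick: first character of every word, case kept."""
    return "".join(word[0] for word in sentence.split())

def weaknesses(password):
    """Return the reasons a single password is weak (empty list = none found)."""
    lowered = password.lower()
    # Strip leading/trailing non-letters so 'Dragon1!' still matches 'dragon'.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    found = []
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        found.append("common password")
    if core in DICTIONARY_WORDS:
        found.append("dictionary word")
    return found

def audit(accounts):
    """Map each site to its findings, including reuse across sites."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in accounts.items():
        findings = weaknesses(password)
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            findings.append("reused on " + ", ".join(sorted(others)))
        report[site] = findings
    return report

# Constructed accounts for the demonstration (hypothetical site names).
SAMPLE_ACCOUNTS = {
    "facebook": "Dragon1!",
    "amazon": "Dragon1!",
    "bank": mnemonic_password("My first flat was at 22 Acacia Avenue in Leeds!"),
    "router": "admin",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_ACCOUNTS).items():
        print(site, "->", findings or "no findings")
```

Note that adding a digit and a symbol to a dictionary word does not get it past the check, because the same stripping is trivial for an electronic dictionary to apply too.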

If video doesn’t float your boat, here’s a podcast where we talk around the issues of password security:

* Sophos online survey, March 2009, 676 respondents.

Disclaimer: Please bear in mind that this poll is not scientific and is provided for information purposes only. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.
