The security disconnect: worried Britons are still creatures of (password) habit

Following an increase in digitalisation Britons have doubled the number of password protected accounts - opening up more opportunity for cyber criminals to exploit security weaknesses

Helsinki, Finland – May 3, 2022: Despite over 27 million Britons admitting they worry about losing money to online fraud, three-quarters (75%) of the nation could be putting their finances and savings at risk by using the same password for their online banking as other online accounts, increasing the risk of bank account fraud. Staggeringly, there are more than 40 billion records of personal information captured from consumers globally, according to cyber security experts, F-Secure.   

The new study, which delves into Britons’ password habits, also found that one in 10 people have had their online banking hacked. Yet, in a strange twist of contradiction, almost 80% of people won’t change their passwords even when they’ve been notified that an account has been compromised.

The disconnect between worry and risk has been revealed in the latest research released today, which shows that lax password habits continue to be commonplace. When it comes to password hygiene more broadly, more than a third[1] still use the same password, or variations of it, for several protected accounts and Gen-Z are the worst creatures of habit with 41% keeping to the same password.

Security experts at F-Secure are urging the British public to improve their password habits this World Password Day (5th May) as cyber criminals exploit weak passwords for theft and identity fraud.

Further findings in the research, also revealed that since the pandemic, the number of online accounts Britons now have has almost doubled[2] - going from 18 to 32. This growth is likely to have been accelerated by the pace of digitalisation over the past two years when many analogue services migrated online.

The research also revealed that rather than use a password manager[3] that allows users to store, generate and manage their passwords, 42% of Britons say they simply memorise passwords, whilst a quarter keep a note of them online, on their phone or written down on paper.

Tom Gaffney, Principal Consultant at F-Secure comments: “There is a clear disconnect between the worries Britons have about cyber security versus their behaviour and attitudes to password management, likely because it’s perceived to be more convenient to have simple, easy to remember passwords. A fifth of account holders choose passwords that contain personal words or numbers. While this may make passwords easy to remember, choosing convenience over security makes passwords weak and predictable, allowing hackers to crack them in seconds.

“Cybercrime is a very serious and realistic threat that can have devastating consequences. There are millions of us openly exposing ourselves to the risk of fraud every day. While 36% are using unique passwords across all of their accounts there is room for improvement. We should all be using unique passwords. Many people don’t realise there are some quick and easy ways to improve password habits to close the security disconnect and mitigate risk. If you make one change this World Password Day, make sure your online banking passwords are completely unique, and use a combination of random letters, numbers and characters.”

To help Britons employ effective security measures, F-Secure’s team of cyber security experts have provided these top tips for password safety:

    Avoid using consecutive letters that sit consecutively on a keyboard ‘dfghj’ or ‘qwerty’

    Never use slang terms or common misspellings or words spelled backward, these can be accessed using software hackers are familiar with using.

    Don’t use names of spouses, children, close relatives, pets or anyone else that feature on your social profiles. They can all be discovered with a little desk research.

    Never use ‘123456’ - remember when 32 million passwords were exposed in a breach, almost 1% of victims were using that number sequence.

    Set up a password manager to keep your details secure. Password managers encrypt your logins so they can only be accessed when you enter a master password and plain text passwords are never stored on any devices or on the password manager’s servers.

    Avoid sharing passwords to accounts like Netflix or Spotify, especially if it is the same password you use for other services.


Research was conducted in March 2022 among 6,916 UK adults with findoutnow.

[1] 32%

[2] 44%

[3] 28% 

About F-Secure

Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd. | |

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.