Large number of online accounts leaves Britons opting for simple passwords
Three quarters of Britons are placing themselves at risk because they use the same password for an average of 22 separate online accounts, according to research by the Payments Council.
The findings, released to highlight the council’s upcoming education campaign, PayYourWay.org.uk, also suggest people may be opting for simpler, easy-to-remember passwords as the number of their online accounts increases.
Average Britons were found to have 22 online accounts each, with one in six having more than 40. Alarmingly, more than one-third admitted to sharing personal details with friends and family.
The council advises people to avoid reusing a password, or even a variation of it, in order to limit the damage that could ensue should an account be compromised.
It also says people should steer clear of easy-to-guess passwords based on children’s and pets’ names, birthdays and other memorable occasions, particularly given Britons’ increased online presence on social media sites. A quarter of those surveyed admitted to using pets’ names as passwords.
Instead, the council said people should be creative. “A good way to create a long, easy to remember password is to string together the first letters of a song lyric, phrase, or even better, a sentence known only to you,” said the Payments Council. “For example, ‘The Grand Old Duke of York, he had ten thousand men’ could give a password of ‘TGODoYhh10000m!’”
Iron Mountain Europe head of information risk Christian Toon told StrategicRISK: “The news that 22% of people use the same password for two or more online accounts is worrying, as this is a practice that people will not just adopt in their personal lives but in business too, potentially putting corporate information at risk.
“It is time for businesses to take responsibility for the sensitive information they hold. The drive for this culture of responsibility and secure information management needs to come from the very top of the business, and should include sufficient training, support and regular reviews. It is time for all organisations to make corporate information responsibility part of their operational DNA in the same way that many have done with corporate social responsibility.”