Over a quarter of Brits change online passwords less than once a year

New Equifax commissioned research identifies a key weakness in personal identity protection

New online research commissioned by credit information provider Equifax reveals that how we manage our passwords could mean we are leaving an ‘open door’ for fraudsters. According to the responses of over 2,000 people, more than a quarter (27%) change their online passwords less than once a year and 23% never change their passwords without being prompted. It appears the over-55s are the most lax – with 29% of them admitting to infrequently updating their passwords.

Lisa Hardstaff, identity fraud expert at Equifax, believes that the fact that people now have so many passwords to remember could be a reason why people don’t regularly update their passwords.  “Our research revealed that nearly a third of consumers (31%) have more than five passwords. This demonstrates that people in the UK are definitely doing the right thing in ensuring that if a fraudster accesses one of their passwords they can’t access all their other accounts by using the same password.  However, good practice is to ensure that you regularly change your passwords and worryingly over a quarter of Brits do that less than once a year. 

“Passwords can be the first barrier online criminals face when trying to access someone’s personal details.  So understanding what makes a password strong can help keep information safe.”

Equifax has come up with a few ways to create a secure online password.

Choosing a Password

Keeping these points in mind can help create a strong password:

  • A longer password will reduce the chances of someone guessing it or an attacker cracking it. Websites can have different minimum length requirements for a password but aiming for between 8 and 32 characters is a good starting point;
  • Hackers may try to guess your passwords using clues from your identity. Avoiding passwords with your real name, username, children’s or pets’ names or any phrases related to you - like your address, birthday, school names, or company - will help make your password more secure;
  • Choosing different passwords for each website where you have entered details can prevent someone from using one password to access multiple accounts;
  • Substituting numbers or symbols for letters, such as changing ‘turtledove’ to ‘turt13d0v3’, is a method well-known to hackers, and it may not be enough to prevent them from guessing your password - try some of the following best practices:
        -  Avoid using words that can be found in a dictionary.  Use a mix of upper and lower case letters, numbers, and
           symbols in an unpredictable order, e.g. Jan3#564@TRa1n
        -  Avoid company names or mimicking the username
        -  Avoid using more than two repeating characters, e.g. Jannnuary Yeeeear
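
The points above can be turned into an automated check. The following is an added example, not code from Equifax: the function name, the substitution table, the finding labels and the small word list are assumptions made for illustration, and a real deployment would use a full dictionary or breached-password list.

```python
import re

# Common look-alike substitutions, undone before the word checks so that
# 'turt13d0v3' is treated the same as 'turtledove'.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"turtledove", "password", "sunshine", "january"}

# Lower case, upper case, digit, symbol.
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(password, personal_terms=(), wordlist=WORDLIST):
    """Return the list of rules the password breaks (empty list = none)."""
    findings = []
    # Length: the 8 to 32 character range suggested above.
    if not 8 <= len(password) <= 32:
        findings.append("length")
    # Mix of upper and lower case letters, numbers and symbols.
    if not all(re.search(c, password) for c in CLASSES):
        findings.append("character-mix")
    # More than two repeating characters, e.g. 'Jannnuary'.
    if re.search(r"(.)\1\1", password):
        findings.append("repeated-characters")
    lowered = password.lower()
    plain = lowered.translate(LEET)  # substitutions undone
    # Dictionary words, with or without substitutions.
    if any(w in lowered or w in plain for w in wordlist):
        findings.append("dictionary-word")
    # Clues from the user's identity: names, pets, address and so on.
    terms = [t.lower() for t in personal_terms if len(t) >= 3]
    if any(t in lowered or t in plain for t in terms):
        findings.append("personal-detail")
    return findings


if __name__ == "__main__":
    # The personal terms here are constructed sample values.
    for pw, terms in [("turt13d0v3", ()), ("Jan3#564@TRa1n", ()),
                      ("R3x-Mill-Lane-77", ("Rex", "Mill Lane"))]:
        print(pw, check_password(pw, terms))
```

An empty result only means none of these rules was broken; it does not show that the password is unique to one site or absent from a breach list.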

Keeping It Protected

There are a few ways to try to keep a password secure:

  • Never share passwords or PINs with anyone, even family;
  • Avoid keeping your passwords written down and never store them on your web browser as they can be visible to hackers looking to steal your personal information;
  • Using multi-factor authentication can add another level of security to your accounts as it asks for further verification of your identity before allowing access. The extra verification may include:
        -  A piece of information only you know, such as a password or secret question and answer;
        -  A trusted device only you can access like a mobile phone, where you’ll be told how to sign in;
        -  Something that can’t be faked, such as a fingerprint or retina scan;
  • Downloading and installing anti-virus and online security software can help protect your computer from outside attacks, such as malware and viruses that could try to steal information off your computer;
  • When creating your password reset questions and answers, keep in mind how easy it might be to guess the answer – is the information readily available or easy to research? If so, it may be safer to choose a more difficult question.

Password Managers

Password managers can help keep your passwords safe and secure without the need to remember them. You can enter the passwords you use for different sites into the software, which remembers the passwords for when you sign in – you’ll normally only have to remember one master password for the password manager.  Different password managers work in different ways and can offer a variety of services:

  • Some act as plugins or extensions for your browser. They can save entered passwords and re-enter them when you visit the site again;
  • They can also save and enter other information on the websites, such as your name, address, or phone number;
  • Many password managers can detect when you change a password, and may either ask if they should update their database, or do it automatically;
  • Password managers can also come with a built-in password generator. This creates and stores a secure password, therefore you won’t have to remember a complicated series of numbers and letters;
  • Some may be able to synchronise with accounts on other devices, such as your PC or Mac, phone, or tablet, and manage application passwords, as well as web pages.

Like any digital software, password managers can also be a target for fraudsters, therefore it’s important to look for well-known applications with established reputations – services that you pay for can be more secure than free applications. It’s important to research any product before downloading. It is essential that the master password for the manager is a very secure one.

“Choosing safe passwords has become a fixture in modern security, and as security becomes more complex so do the methods criminals will use to get past it”, concluded Lisa Hardstaff.

“In addition to ensuring you have a strong password to reduce the risk of falling victim to identity fraud and other cybercrimes, it is also worth considering subscribing to a service like Equifax Identity Watch Pro which will alert you if your credit / debit card or personal information is found on websites used by fraudsters”.

Equifax Identity Watch Pro includes WebDetect, which alerts individuals if their financial details are shared on websites used by fraudsters. Subscribers also get alerts within 24 hours of significant changes to their credit report, allowing them to act quickly to cancel cards and accounts before any serious damage is done. And with unlimited access to their latest credit report online, consumers can stay one step ahead of the criminals. The service costs £9.95 per month.

*YouGov survey, total sample size 2060 adults. Fieldwork was undertaken between 6th - 7th June 2016. The survey was conducted online.


For further press information, please contact: Clare Watson, Cecile Stearn, Parm Heer or Wendy Harrison at HSL on 020 8977 9132 / Fax: 020 8977 5200 or Email: equifaxbtocteam@harrisonsadler.com

About Equifax

Equifax, Inc. (“Equifax”) powers the financial future of individuals and organizations around the world. Using the combined strength of unique trusted data, technology and innovative analytics, Equifax has grown from a consumer credit company into a leading provider of insights and knowledge that helps its customers make informed decisions. The company organizes, assimilates and analyses data on more than 800 million consumers and more than 88 million businesses worldwide, and its databases include employee data contributed from more than 5,000 employers.

Headquartered in Atlanta, Ga., Equifax operates or has investments in 24 countries in North America, Central and South America, Europe and the Asia Pacific region. It is a member of Standard & Poor's (S&P) 500® Index, and its common stock is traded on the New York Stock Exchange (NYSE) under the symbol EFX. Equifax employs approximately 9,200 employees worldwide.

Some noteworthy achievements for the company include: Ranked 13 on the American Banker FinTech Forward list (2015); named a Top Technology Provider on the FinTech 100 list (2004-2015); named an InformationWeek Elite 100 Winner (2014-2015); named a Top Workplace by Atlanta Journal Constitution (2013-2015); named one of Fortune’s World’s Most Admired Companies (2011-2015); named one of Forbes’ World’s 100 Most Innovative Companies (2015). For more information, visit www.equifax.com

Equifax Limited is one of the Equifax group companies based in the UK.

Equifax Limited is authorised and regulated by the Financial Conduct Authority.
