Is your password "password", "123456", or something else just as simple?
If so, you're not alone — but you could also be putting yourself at risk of being hacked or falling victim to a scam.
New research conducted by YouGov on behalf of Telstra has found almost half (46 per cent) of Australians admit to using easy-to-guess passwords.
More than one in 10 Australians have used generic passwords like "123abc", with men twice as likely as women to do so.
Almost half of Australians have passwords that are easy to guess. Credit: SBS
The research also found that 1.4 million Australians are using the same password across 10 or more different accounts, with over a third (37 per cent) sharing at least one of them with their family members.
Of the Australians who write down their passwords, 1.5 million say they keep them somewhere easy to find, like the fridge, while 1.2 million keep them in their wallet or purse.
What are the risks of easy-to-guess passwords?
Telstra's cybersecurity expert Darren Pauli said the research findings paint "a pretty bleak picture" about Australians' password habits.
"Essentially, you don't want to have a password that anyone else has," he told SBS News.
"When usernames and passwords are stolen in a breach, they can be uploaded to the criminal underground … and shared.
"If your password has been stolen, and you reuse that across multiple accounts, criminals will automatically and at scale attempt to break into them."
Xingliang Yuan, a senior lecturer in cybersecurity at Monash University, said even if your password hasn't been obtained through a data breach, having an easy-to-guess password will make it easier for criminals to steal your personal information.
"For example, if they log into your banking system, they can get your account details, your home address, and so on," he told SBS News.
"If they can access your account, they can impersonate you to perform some cyber criminal activities."
What changes should you make to secure your accounts?
Mr Yuan said for a password to be strong, it has to be long.
"It should be some kind of combination of different numbers or characters, or even special letters," he said.
"Also, we should not use personal information or a common word in a password."
If you have a bad memory or struggle to come up with unique passwords, Mr Pauli said password managers, which are built into most devices and web browsers, "work really well".
"That will automatically set passwords for you, fill them out, so you don’t have to remember, and that can set horribly complex ones that you'll never have a chance to remember," he said.
If you don't want to put all of your passwords in a password manager, Mr Pauli recommends using a 'passphrase'.
"Forget your uppercase, lowercase, random numbers and all that kind of traditional advice security has given you for forever; just write a sentence in three words or whatever, put the capitals in the right places, spaces, apostrophes, and use those because they're really easy to remember," he said.
"Again, just make sure that they're unique."
If you must write your passwords down, Mr Pauli warns against taking them outside.
"A month ago, I found a password book in a kids' park with all these credit cards written in it, everything, so not a good thing," he said.
Another way to secure your accounts is through multi-factor authentication (MFA), which Mr Pauli said he considered to be like a "deadbolt".
"If you log in and you have MFA there, it'll ask you to generate a code in an app or an SMS sent to your phone or whatever," he said.
"Once you've done that, it authenticates that that phone or laptop, or whatever you're using, is yours, and then you don't have to do it again.
"If someone steals your password, they have to get that code (to be able to get into your account)."