More than 1.7 million UK internet users may be in danger of internet fraud because they use the same password for every online application and service they use, research has revealed.
The threat is also increasing as hackers step up efforts to steal passwords to gain access to online bank accounts.
UK payments association APACS recorded over 14,000 different phishing e-mails in the first quarter of 2009.
Once a password is known, it is easy for cybercriminals to discover what other applications and services that user is registered for, according to reformed hacker Robert Schifreen.
Businesses could also be exposed to this risk as users are likely to follow the same bad habits at work as they do at home, he said.
Using only one password is extremely risky, said Schifreen, whose acquittal by the House of Lords led to the introduction of the Computer Misuse Act of 1990 in the UK.
"Businesses must ensure that in addition to hardware and software protection, they educate users about the risks of using a limited number of weak passwords to access computers systems," he said.
Some 46% of UK internet users have a common password for their online banking, shopping and social networking account, an online survey of 1,600 respondents showed.
This represents over 18 million UK internet users, extrapolating from the research commissioned by the CPP Group, a customer relationship firm which helps victims of identity fraud.
More than half (54%) of the respondents admitted using variations of the same passwords, and 40% said their passwords are known to at least one other person.
Some 1.5% admitted that their passwords were known to former partners, which represents over 500,000 people out of 39.9 million internet users in the UK.
Shifreen said the best solution is to use software especially designed to store passwords for each application or service.
"The passwords are secure because the applications are encrypted and users then only have to remember one good password to access all the others they need," he said.
|How to create a secure password|