SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Worried caucasian person looking at laptop shadowy figure behind hacking threat uk home
#
Phishing
#
Physical Security
#
Email Security

Millions at risk in UK as password reuse fuels hacking surge

Thu, 23rd Oct 2025
Author image
By Shannon Williams, Journalist

New research has revealed that a significant proportion of the UK population continues to reuse passwords across multiple online accounts, raising concerns about personal cyber security amidst a rise in account hacking reports.

According to statistics from Action Fraud, reports of social-media and email account hacking increased to 35,434 in 2024, rising from 22,500 the previous year. In response to these figures, DTP Group conducted a survey to better understand public attitudes and habits around password use.

The survey found that 12.45 per cent of respondents use a single password across all their online accounts. Extrapolated nationally, this figure suggests over six million people in the UK could be relying on just one password for everything.

Only 19.12 per cent of those surveyed stated they use a unique password for every account, while roughly 80 per cent admitted to reusing passwords in some form. The data shows that over one third of respondents (36.23 per cent) use only one to three different passwords for all their online platforms, despite 53.4 per cent of people managing between one and ten accounts that require login details.

Password reuse

The widespread use of a limited number of passwords is evident. The survey indicates that nearly 60 per cent of people use between one and six passwords for all accounts. Projected onto the UK population, this equates to approximately 32 million individuals who could be at increased risk of falling victim to hacking attempts as a result of password reuse.

The majority of respondents (69 per cent) reported having between one and 20 password-protected accounts. Only 11.2 per cent of people manage more than 20 accounts, and a minority of 0.5 per cent say they have 11 or more unique passwords to account for each of these profiles.

Results by account volume highlight that most adults are dealing with enough online accounts for password reuse to have substantial security consequences. For example, 28.8 per cent reported having between one and five accounts, and 24.6 per cent have between six and ten. With such figures, reusing the same passwords across different sites can be perilous if any one service experiences a breach.

Security risks

Further analysis of password habits demonstrates the mismatch between the number of accounts handled and the number of distinct passwords used. Many individuals are not keeping pace with best practices, and even a moderate number of accounts managed with a small set of passwords can significantly increase the risk of being hacked through credential reuse.

A notable 12.45 per cent confirmed that they use just one password for all accounts, 23.77 per cent use two or three, while 24.4 per cent use four to six passwords. In contrast, fewer than one in five (19.12 per cent) say they never reuse passwords and use unique credentials each time, which is the approach recommended by cybersecurity experts.

These habits leave millions of people exposed to the threat of their multiple accounts being compromised from a single data breach, as hackers often use stolen login details to attempt access to other platforms-a process known as credential stuffing.

Expert commentary

"Password reuse remains one of the most consistent and preventable drivers of account takeover. Our survey shows that a minority of people take the simple step of using unique credentials, that single behaviour change, combined with multifactor authentication and password managers, would reduce a significant portion of credential-stuffing and phishing success."

Guy Hawkridge, Head of IT & Security at DTP Group, commented on the findings, stressing that password reuse is a persistent and avoidable issue contributing to account breaches. He also noted that even basic security measures have a meaningful impact in reducing exposure to hacking attempts.

The findings serve as a reminder that using a single password is insufficient protection, especially in a digital environment where breaches are increasingly common. Hawkridge said, "The message is simple: one password is never enough. Millions of people could be just one breach away from losing access to their email, shopping, or banking accounts. Using a password manager and turning on two-step verification are quick, free steps that make a huge difference in how 'hackable' we really are."

The DTP Group survey, conducted with a sample of 1,000 UK respondents, forms part of wider efforts to raise awareness around cybersecurity basics. Simple habits such as creating strong, unique passwords for each account, using password managers, and enabling two-factor authentication are highlighted as effective ways to mitigate risk.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Ping Identity launches platform to secure & manage AI agents
Gigamon unveils quantum-safe cryptography in GigaVUE update
Barracuda unveils AI assistant to boost security team efficiency
Fortinet reports strong Q3 revenue growth & SASE adoption surge
More than a third of STEM professionals consider moving abroad

Top stories

EXOq research hub to boost Oxford region by GBP £1.4 billion
Hexaware boosts cybersecurity with strategic CyberSolve acquisition
Geneva launches first citywide quantum network for research & industry
Avanade unveils suite of Microsoft-powered tools for midmarket firms
Forrester predicts AI errors to cost B2B firms over USD $10 billion