Whether for banking, shopping, email or booking a holiday, passwords are the gateway to our online lives. But making the most common password mistakes is like leaving your front door wide open. Using the same password on different sites – or not updating yours regularly – could give criminals the key to your personal and financial information.
Unfortunately, as we get older we’re more likely to be targeted by scammers, so it’s particularly important to be careful. Six in ten over-65s have been scammed in some way, according to the charity Independent Age.
Sarah Lyons, Deputy Director for Economy and Society at the National Cyber Security Centre, says: “The prospect of having our online accounts hacked is a worry for many and, unfortunately, it’s a very real threat.”
But there are steps you can take to protect yourself. This article explains how to stay safe online by avoiding these common mistakes.
Using the same password for different accounts is a mistake many of us make. The average person uses the same password for six websites or platforms, according to a survey for security platform ExpressVPN.
The best approach is to use different passwords for each account. That way, if your information from one falls into the wrong hands, it won’t open the door to all your other accounts. Lyons at the National Cyber Security Centre says anyone, regardless of age, can have their online accounts compromised if they use weak or reused passwords.
“Whilst having a weak password might let attackers get into your account, we more commonly see attackers waiting until a website loses passwords in a data breach. They are then able to try them on other websites, so having different passwords for each account is crucial.”
Did you know that if you were born between 1946 and 1964, you’re in the age group “most likely to create unique passwords”, according to the World Economic Forum? You’re also the least likely to repeat a password or use a variation on another password – which is great.
Experts have identified the passwords most likely to get hacked. Top of the list is '123456', involved in more than 50 million data breaches between 2007 and 2025. And 'password' is also one of the most hacked, linked with more than 11 million data breaches, according to website hosting platform Knownhost.
Many websites now have password requirements that force you to choose a more secure password. But using pet names, family birthdays or the football team you’ve always supported is also a security risk.
Lyons says: “Hackers can easily find this information from a variety of sources, including social media profiles, data breaches, or guesswork. Be mindful of what you share online – details like your anniversary seem harmless, but cyber criminals can use them to guess passwords.”
The best way to choose a password is to use something that is strong and unique. This could be three random words combined, for example “Teaswamprabbit”. Using a mixture of upper and lower case, numbers and special characters (like !&*, if the website allows them) will make your password more secure. Don’t use something easy to guess like ‘Liverpool123’.
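The checks described above, as an added example that is not part of the original article: a screen that rejects the common passwords the article names and anything built from personal details, plus a three-random-words generator. The function names, the personal details and the 16-word list are constructed for illustration; a real word list needs thousands of entries.

```python
import math
import re
import secrets

# The two most-breached passwords named in the article; a real deny-list
# would hold many thousands of entries.
COMMON_PASSWORDS = {"123456", "password"}

# Constructed miniature word list, for illustration only.
WORDS = ["tea", "swamp", "rabbit", "candle", "orbit", "velvet", "harbour",
         "pickle", "thunder", "lantern", "meadow", "compass", "walrus",
         "button", "glacier", "saddle"]


def _normalise(text):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def screen_password(candidate, personal_details=()):
    """Return the reasons to reject a password (empty list = acceptable)."""
    problems = []
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    core = _normalise(candidate)
    for detail in personal_details:
        token = _normalise(detail)
        # Adding digits or symbols around a pet name, team or year does not
        # help: the guessable part is still inside the password.
        if len(token) >= 3 and token in core:
            problems.append(f"built from a guessable detail: {detail}")
    return problems


def three_random_words(words=WORDS):
    """Join three words chosen with a cryptographic random source."""
    return "".join(secrets.choice(words) for _ in range(3)).capitalize()


def passphrase_bits(wordlist_size, count=3):
    """Guessing difficulty in bits when the words are chosen at random."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    known = ["Liverpool", "Rex", "1958"]   # constructed personal details
    print(screen_password("Liverpool123", known))
    print(three_random_words(), round(passphrase_bits(7776), 1), "bits")
```

The strength of the three-words approach comes from the words being chosen at random from a large list, which is why the 16-word demo list yields only 12 bits while a 7,776-word list yields about 38.8.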
If you’ve received an email or message asking you to reset your password, stop and ask yourself if it could be a scam. The British public receives around 70,000 password reset attacks each week – that’s seven per minute.
And, according to the LexisNexis Risk Solutions research, desktop computer users appear more at risk. This could make older people more vulnerable to this type of scam. Lyons explains that these scams often look legitimate, tricking users into clicking on malicious links.
If you click, you could be directed to a fake login page. If you enter your username and password there, cyber criminals could capture your login details and use them to access your accounts.
Tune into these telltale signs of a scam:
If any of these ring alarm bells, don’t click.
Setting up two-step or two-factor authentication (also called two-step verification) is a way to make it harder for scammers to gain control over your accounts. 2FA or 2SV, as it can be known, requires you to confirm your identity after you’ve entered your username and password by entering a one-time passcode, which you can get via an app or text message.
Only once you've entered that code are you granted access to your account. It acts as an extra lock, so even if someone gets your password, they’ll still need a second code to break in. You can check with banks and shops for how to enable two-step verification on your accounts, or have a look at 2fa Directory which gives details for a range of companies.
Storing passwords safely means you won’t have to remember them, and that frees you up to have a different, strong password for each website. So, can you write them down? Yes, says the National Cyber Security Centre, but keep them somewhere safe and out of sight and away from your computer.
However, you should be wary, depending on your own circumstances. The charity Age UK suggests you perhaps shouldn’t write them down if you have people coming into your home. If you do, write hints that only you’ll understand, rather than the actual passwords.
For a different method, if you use the Chrome web browser or have an Android phone (in other words, not an iPhone), Google Password Manager will offer to save your passwords for you on that device. This is generally safe to do, but don't allow it if other people have access to your computer or if you’re using a shared computer outside your home – in the library or a community centre for example.
You can also use a password manager, which is an encrypted app on your phone, tablet or computer that stores your passwords, so you don’t need to remember them. Just make sure that your laptop or phone is secured by a PIN or password, so that others can’t access your details. You can find out more about password managers on the National Cyber Security Centre website.