Almost half of Australians use a weak password, here’s what that looks like

Brisbane, Snoopy, and MayTheFifth. Just a random collection of words? Not quite.
· 20 June 2023 · 3 minute read

We recently conducted research with YouGov that found almost half of Aussies (46%) use an easy-to- guess password that contains either their favourite sporting team, pet’s name or their birthday.

Of those people, 20% have used their pet’s name – if that’s you, maybe don’t go around blasting your pet’s name on its harness and definitely consider updating it.

A further 17% admitted to using their birthdate as – or in – their password, and another 9% said they have used their favourite sports team – but, as a password we think Brisb@neLion$ is a bit weak.

Using these passwords makes it especially easy for hackers to access your accounts and personal details without too much guess work.

It’s like plastering your password around town for the world to see.

In fact, it’s so much like that, we thought we’d show you.

Here are our top tips for password security

Use a password manager

Huge lists published online containing millions of hacked usernames and passwords increase the chance that criminals will compromise accounts with reused passwords.

These attacks occur at scale. Criminals can automatically cycle through thousands of compromised logins until an attempt is successful.

This is where a password manager helps. These set and store highly-complex, random and unique passwords inside a secured service that is protected with the only password you need to remember. Set one password and forget the rest.

There are many free and easy options available, but you may find it easiest to use the built-in managers you may already have.

Apple’s iCloud keychain password manager is built into iPhones, iPads, Mac OS, and the Safari web browser. Google’s password manager is built into Android-based phones including Pixel and Samsung lines, tablets, and in the Chrome web browser.

Web browsers Firefox and Edge also contain a built-in password manager, while separate free and paid apps exist that work across all mobile devices and computer operating systems.

A good password is a sentence

For decades we’ve all been taught to use passwords that are hard to remember and often easy for computers to break.

Likewise, we’ve all become used to requirements to set passwords with an upper and lowercase letter and a special character which ends up with people setting predictable passwords such as P@ssw0rd1 or Summer2020!, and hackers know it.

So make the last password you need to remember for your password manager one that is strong but easy to remember by using a passphrase that is unique to you.

Write it as a normal sentence, complete with spaces, and throw a number and a few capital letters somewhere to make a highly original combination. Don’t use cliches like I hate Mondays or famous phrases as these could be guessed.

Here are a few good examples, but please don’t copy these as your own!

  • Time for tea at 1:23 (rhyming may help you remember)
  • Somewhere, under TR (altered version of ‘somewhere over the rainbow’)
  • horsebatterystaplertelephone (random unrelated words that have personal meaning)

Don’t want to use a password manager? 

Managers are in large part a convenient way to set, save, and secure your passwords, but they may not be for everyone.

Those less comfortable with smartphones and apps may instead prefer to write down their passwords on paper. This is fine, provided a few steps are followed.

Never let people you don’t trust see your written passwords. In practice this means never taking your passwords outside, including in a wallet, purse, or backpack. About 1.2 million Australians keep passwords in their purse or wallet.

If keeping passwords only inside your house is too inconvenient, then consider a password manager.

You should also avoid storing passwords in any online service that is not a password manager, like a digital notepad, as doing so comes with security risks.

Telstra has developed a simple way to help protect yourself online: Be SUSS.



By Darren Pauli

Security Special Projects

Darren is an information security reporter with more than a decade's experience in the beat. He came to Telstra's cyber security unit after serving as an infosec correspondent for various tech-focused publications. You'll find Darren in his spare time pursuing all things fitness and breaking things on his motorbike and around the house.