GoCompare uses cookies. By using the website you agree with our use of cookies. Continue Find out how to manage cookies and view our policy here

Young people most at risk of online account hack

08 November 2016

Research follows recent Tesco Bank and Yahoo! hacks

  • 86% of 18 to 24 year olds share personal data – which could be used to create passwords and PINs - on social media;
  • Half of millennials use the same passwords and PINs on most of their online accounts;
  • Gocompare.com shares the six quick tips for creating passwords and PINs;
  • Gocompare.com has created an infographic guide to protecting your money online

Young adults (18-24 year olds) are the first generation to have grown up with home computers, social media, online shopping, banking and payments. However, new research reveals that they could also be the most vulnerable to online hackers.

The Passwords and PINs research*, commissioned by Gocompare.com Money, found that 18 – 24 year olds are the least likely to keep their personal information safe – potentially making their online accounts more susceptible to cybercrime.

A strong, unique password or PIN can help protect your online accounts against cybercriminals or hackers.  The survey found that young adults are more lax about their personal information and online security than other age groups.  Half of 18 to 24 year olds surveyed admit to using the same passwords and PINs across most of their accounts and are twice as likely as all adults to create weak passwords which only use letters.  Most (86%) are also guilty of over-sharing their data on social media and post personal information which is commonly used to create passwords and PINs;

18 to 24 year olds

All adults

I use the same passwords or PINs across most of my accounts



I rarely change my passwords and PINs



I regularly change my passwords and PINs



I use letters, number and symbols to create passwords



I only use letters in passwords



I keep passwords and PINs stored on my phone



The survey found that pets’ names were both a popular source of inspiration in creating passwords and for social media postings.  It revealed that 16% of young adults had used their pets’ names in their passwords (12% for all adults) and 30% said that they had shared details of their pets on social media (13% for all adults).

Other personal information used to generate passwords and PINs included year of birth (16% of 18 to 24 year olds; 11% for all adults); birthday day and month (11% of 18 to 24 year olds; 7% for all adults).  But again, the survey revealed that Millennials were freely making this information public on their social media accounts:

Information made public/shared on social media

18 to 24 year olds

All adults




Birth day and month



Year of birth



Partner’s name



Pets’ names



Telephone number



Matt Sanders, head of money at Gocompare.com, commented: “This week’s Tesco Bank hack is just the latest in a string of attacks from cyber criminals, and follows not long after the worst ever hack inflicted on a company, which saw the personal details of at least 500 million Yahoo! accounts stolen by hackers.

“While these breaches of security are not the fault of customers, they do act as a vital reminder about the importance of actively managing passwords and PINs to keep our information safe and secure – especially as we enter the Christmas shopping period.

"From shopping, socialising and managing our finances we are increasingly living our lives online.  A strong, unique password or PIN – which is difficult to crack or guess – can help protect you against hackers and other cybercriminals.

“With many of us sharing so many aspects of our lives online through social media, people are potentially leaving large pools of information that could be used to guess passwords, out in public for criminals to take advantage of. These can include your date of birth, your address, where you went to school or your anniversary, among other things. While these sound like basic things, our research has shown just how easy it can for people to slip up.

“For a strong password, we recommend you use a minimum of six characters which include a combination of upper and lower case letters, numbers and symbols – such as exclamation or question marks.  And, remember to use a different PIN or password for each account or application you access, otherwise if your password is stolen – criminals will have access to all your online accounts.

Matt Sanders added: “Often overlooked, a secure PIN is becoming increasingly important. For ease of access, most computers, tablets and phones offer a PIN in lieu of a password, however many users still opt for the default, four letter PIN provided. As we store more information on our mobile devices, such as online banking accounts or virtual wallets like Apple Pay, having an easily guessable PIN could give hackers access to more than you might think.

“For a secure PIN, avoid ascending or descending numbers, for example 1234 or 4321, and steer clear repeated numbers or easily recognisable keypad patterns such as 12369, 2580 or 0000.  Also, if given the option, choose a PIN longer than four characters, as the longer the PIN the more potential combinations there are, making it harder to guess.”


  • Mix it up – use a mixture of upper and lower case letters, numbers and symbols such as !£?;
  • Change letters to numbers or symbols – for example E becomes 3, S to 5;
  • Create long passwords of at least six characters, the longer the better. These are harder for criminals to crack;
  • Do use different passwords and PINs on different accounts;
  • If you suspect someone else knows your password or PIN, change it;
  • If you need to write passwords down in order to remember them, encrypt them so they are indecipherable to other people.


  • Don’t use easy to guess information such as your name, the names of other family members, your pets’ names as your password;
  • Don’t use the word ‘password’ as your password;
  • When creating a PIN avoid using ascending or descending numbers, for example 1234 or 4321, repeated numbers (e.g. 9999) or easily recognisable keypad patterns such as 12369 or 2580;
  • Don't use the same password across different sites.  If one site gets hacked and your password is stolen, hackers will often try it on other sites.
  • Don’t disclose your passwords or PINs to anyone else.

For more ideas and information on protecting your information online see Gocompare.com Money’s Infographic.

- ENDS -

Notes to editors:

*On 26 September 2016, Bilendi conducted an online survey among 2,000 randomly selected British adults who are Maximiles UK panelists.  The margin of error-which measures sampling variability-is +/- 2.2%. The results have been statistically weighted according to the most current education, age, gender and regional data to ensure samples representative of the entire adult population of United Kingdom. Discrepancies in or between totals are due to rounding.