Millions are making one risky password mistake and hackers are loving it
Most of us are probably aware that our passwords are a little too easy to crack, but it seems many are lured into a false sense of security that could leave them at greater risk of cyberattacks. It’s no secret that choosing a code and using it across multiple accounts is a bad idea, but picking endless different passwords can also be a massive irritation. In a bid to boost security, some people simply change one character, thinking this will decrease the chances of being hacked; sadly, that’s not the case.
New research from the team at tech firm NordPass suggests that 60 percent of UK web users admit they reuse passwords across multiple online accounts.
When a new password is needed due to a cyber attack or changes to security settings, people often just add a letter or a number to secure the new account.
That might sound enough to keep things safe, but as NordPass explains, “hackers love minor tweaks in your login credentials.”
Explaining more, Karolis Arbaciauskas, head of product at NordPass, said, “This risky habit, affecting nearly three in five users, creates a domino effect of vulnerability, where a single compromised password can unlock an entire digital life.
“Such a lax approach to security can result in stolen data or an emptied bank account, and a lot of anxiety.”
Here are some of the worst examples that you should avoid at all costs.
• Change from password to Password1
• Change from qwerty to qwerty123
• Change from admin to Admin
• Change from password to Passw0rd
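A service can catch these tweaks when a password is changed. The following Python check is an added example, not code from NordPass or the original article: it reduces both passwords to a base form and rejects the new one if the forms match. The substitution table, the function names and the assumption that the change form receives the current password alongside the new one are all illustrative.

```python
import re

# Look-alike substitutions attackers routinely try (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# Digits and symbols stuck on the front or back of a word, as in "qwerty123".
EDGE = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def base_forms(password: str) -> set[str]:
    """Reduce a password to the base word(s) a guessing tool would start from."""
    low = password.casefold()                 # Admin -> admin
    stripped = EDGE.sub("", low) or low       # Password1 -> password
    # Undo substitutions both with and without the edge characters, so that
    # "Passw0rd" and "hell0" both map back to their dictionary word.
    return {stripped.translate(LEET), low.translate(LEET)}


def is_minor_tweak(old: str, new: str) -> bool:
    """True if the new password shares a base form with the old one."""
    return bool(base_forms(old) & base_forms(new))


def review_change(old: str, new: str) -> str:
    """Decision a password-change form could return to the user."""
    if is_minor_tweak(old, new):
        return "rejected: too similar to your current password"
    return "ok: not a simple variant of your current password"


if __name__ == "__main__":
    # The four changes listed in the article, plus one constructed unrelated pair.
    pairs = [("password", "Password1"), ("qwerty", "qwerty123"),
             ("admin", "Admin"), ("password", "Passw0rd"),
             ("password", "tram-velvet-oxide-41")]
    for old, new in pairs:
        print(f"{old!r} -> {new!r}: {review_change(old, new)}")
```

The check compares only against the password being replaced, so it needs no stored plaintext history.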
The best passwords use a long mix of characters and symbols. For example, if a current code is Liverpool, this should be changed to something like L1v-rp@0l.
Anyone struggling to remember their codes could also consider using a password manager to securely store all those important codes.
Another top tip is to add multi‑factor authentication (MFA) to as many accounts as possible.
“So far, this is the most reliable and convenient way to provide additional protection for business and personal accounts,” NordPass explains.
“MFA, which requires you to provide a one-time code when logging in, can stop account takeover even when the threat actors have your password.”









