More than four in ten (41 percent) web users have shared their online passwords with friends or family, says Webroot.
Research by the internet security firm revealed that 41 percent of web users claim they use the same password for multiple online accounts while a quarter admitted to using a memorable date, such as their birthday or anniversary as a password.
Web users aged 18 to 29 are by far the worst offenders when it comes to keeping their passwords safe. More than one in ten (12 percent) have shared a password via text message.
Over half (51 percent) of all web users admitted to avoiding special characters such as '&', '?' or '#' in passwords, despite the fact Webroot says it would make it more difficult for cyber criminals to guess passwords. Meanwhile, only 16 percent use passwords that are more than 10 characters in length.
More than eight in ten Brits have five or more online accounts that require passwords, but just one in ten say they use separate passwords for every online account they have.
More than nine in ten (92 percent) said the password-protected account they accessed the most was their online banking service. This was closely followed by email, which was named as a commonly used secure account by 88 percent, and online retailers (81 percent).
However, more than half (55 percent) admitted they frequently forget their passwords and use the recovery function provided by the account.
Nearly half (49 percent) of web users believe their passwords are secure. However, 89 percent that use an unfamiliar computer don't check the network connection is secure before typing in passwords and only four percent check to see if the machine is infected with a virus first.
Nearly one in five (19 percent) said they never change their online banking password, while only 38 percent of Facebook users change their password for the social networking site.
"Using good passwords and security practices will help thwart similar attacks: Make a common practice to never store your password in a browser or FTP site, and have reputable, up-to-date antimalware protection in place," said Jeff Horne, director of threat research at Webroot.
Webroot advised web users to use a different password for every online account, as well as ensuring passwords an unique, change them periodically and never shre them with friends or family. The security firm also urged users never to let their browsers save their passwords.