NewsBite

Millions of Australians exposed to cybercriminals for using the same password

Despite most being familiar with the dangerous threat posed by cybercriminals, a startling number of Australians are using the exact same password.

Lazy Australians have been warned against taking a lacklustre approach to setting up password-protected accounts as opportunistic hackers become more sophisticated by the day.

Among a host of dangerous mistakes Australians keep making online is one that could expose not only their own private information to criminals, but also that of their employer.

Cybersecurity expert Lawrence Patrick revealed a shocking number of Australians still weren’t changing passwords from their default settings, making the lives of hackers simple.

More than 20 million devices in Australia last year had the password “admin”, with others including root, nc11, user, enable, 22, Default, 2Wire, Administrator and Guest not far behind.

“Once you set up a new account, you’re supposed to change the password, but a lot of businesses and companies either forget to do it, or they get lazy and don’t do it,” Mr Patrick, from cybersecurity company Zirilio, told news.com.au.

“That’s what makes equipment vulnerable to hackers, who can go in and use the default password and get administrative privileges to take control of the computer.”

Millions of Australians aren’t protecting their devices from hackers well enough. Picture: Getty

Another common but highly risky error constantly being made by Australians was using the same password across all accounts, including emails and internet banking.

“If someone gets access to your email, then they’ll quickly have all your money. They can lock you out of your email, then move your money and you can’t even see what they’re doing,” Mr Patrick said.

Instead, users should either customise their own unique 12-character password for each account, or utilise a web browser or built-in smart device function that automatically generates strong passwords for them.

With the latter, users will be able to log into their accounts using the face ID function on their smart device, which removes the need to remember a password entirely.

“Any of the major browsers all have the ability to remember passwords for you, and will automatically fill in the password when you need to return to the site,” Mr Patrick said.

“It’s a much better way than someone trying to write down all their passwords and remember them.”

Mr Patrick suggested creating a strong password by taking the first letter from a line of a song lyric to form a random combination of words that would be memorable, but foreign to hackers.

He warned against people storing a list of their passwords in the “notes” application on their phone, given it made it easy for hackers to get all their information from the one place.

If anywhere, passwords should be stored in a separate phone app specifically designed to protect them.

Passwords need to be complex, 12-character codes that differ across all accounts. Picture: Getty

Additionally, handwritten password reminders should never be left in the same area of the house as the computer, just in case a burglar goes searching for them.

Mr Patrick said while having a strong password was crucial, it still didn’t offer enough protection on its own.

He stressed the importance of also setting up multi-factor authentication, which he said would stop hackers even after they had figured out someone’s password.

“There is a very strong chance that your username and password combination is already in the hands of hackers, as a result of a data breach in the past,” he said.

People using the same login details for personal and work devices should take action to change them immediately.

“If you have ever used the same password for a work account and a personal account, you should assume your company is vulnerable as that password has probably already been bought and sold many times.”

People curious about whether their details have been caught up in a security breach can run their email address through the “have I been pwned?” website.

Original URL: https://www.news.com.au/technology/online/hacking/millions-of-australians-exposed-to-cybercriminals-for-using-the-same-password/news-story/6549ec5fe6d3864d41dc223174a0e57f