It’s important to safeguard your device and data by prioritizing your password security. However, many people don’t take it seriously. They use unsafe password practices that can expose them to privacy risks.
Today, we’ll be talking about these common password statistics. Let’s get started!
General Password Statistics
Password creation is often oversimplified. This is why it’s common for people to fall victim to security breaches. To help you understand why it’s important to take password creation seriously, here are some general password statistics.
- Over 80% of security breaches are due to poor passwords. (LastPass, 2021)
- Typically, it takes a person less than 15 seconds to put in a password. (LastPass, 2021)
- About 50% of individuals have a basic knowledge of the best password security practices. (Bitwarden, 2022)
- Over 24 billion passwords were compromised and exposed by hackers in 2022. (Digital Shadows, 2022)
- The chances of someone getting their identity stolen due to not using a password manager is 3 times higher than if they use one. (Security.org, 2023)
- 60% of people strengthen their passwords after noticing security breaches on their accounts and devices. (Norton, 2021)
- 91% of internet users are aware of the security risks of reusing their passwords. (LastPass, 2021)
Poor Password Statistics
Weak passwords can easily be guessed since they’re usually made up of basic personal information or common terms/numbers. This essentially helps hackers access your data conveniently. So, to shed more light on the risks of using weak passwords, here are some facts about it.
- The top commonly used password is 123456. (CNBC, 2023)
- The most basic passwords can be hacked in less than one second. (CNBC, 2023)
- 18% of people make their pet’s name their password. (Security.org, 2021)
- 15% of people use their name as their password. (Security.org, 2021)
- Over 6 in 10 people reuse passwords regularly. (LastPass, 2022)
- Just 12% of people use less common passwords. (LastPass, 2022)
- Over 25% of people don’t know when they last reset their email password. (PC Matic, 2022)
- Almost 65% of passwords are only 8-11 characters long. (Security.org, 2021)
- 21% of people use their birthday in their passwords. (Security.org, 2021)
- 73.3% of people who try to figure out other people’s passwords guessed correctly. (Beyond Identity, 2021)
- Gen Z reuse the same password in different variations about 69% of the time. (LastPass, 2022)
- Under 50% of Americans think that they have strong passwords. (Security.org, 2021)
- 10% of people can guess other people’s passwords by checking their social media pages. (Beyond Identity, 2021)
- Although 89% of individuals know that reusing passwords exposes them to security risks, just 12% of these people have different passwords for different accounts. (LastPass, 2022)
- Almost 40% of people share their passwords with other people. (Security.org, 2021)
- By adding one unique character to a typical 10-character password, you can increase how long it takes hackers to hack your password by almost 2 hours. (CPO Magazine, 2022)
- 68% of people have multiple accounts with the same password. (Security.org, 2021)
- Over 33.3% of people would find it embarrassing to read out their passwords to other people. (Beyond Identity, 2021)
- Almost 13% of people use their spouse’s name as their password. (Security.org, 2021)
- 13% of internet users create their passwords with the same effort regardless of what they want to use the account for. (LastPass, 2022)
- 61% of people whose passwords got hacked had passwords shorter than 8 characters. (Security.org, 2021)
- Less than half of internet users think that their music account password is safe. (Beyond Identity, 2021)
- About 2% of internet users have used a password that’s over 20 years old. (Beyond Identity, 2021)
- 23% of people admit that they can share their password with a roommate. (Beyond Identity, 2021)
- 10% of people still use the same password that they created in middle/high school. (Beyond Identity, 2021)
- 27% of people use password generators to create random new passwords. (Security.org, 2021)
- 80% of people update their passwords at least once a year while 20% don’t. (Beyond Identity, 2021)
- Only 31% of people who got a cybersecurity education stopped reusing passwords. (LastPass, 2022)
- 17.3% of people create passwords based on sequential letters/numbers. (Beyond Identity, 2021)
- On average, people share about three of their passwords with others. (Beyond Identity, 2021)
- 37.6% of people don’t use password generators for any of their online accounts. (Beyond Identity, 2021)
- About 40% of people didn’t change their domestic Wi-Fi password since it was initially set up. (PC Matic, 2022)
- 65% of people use SMS-based 2FA even though it’s the least secure method of 2FA. (Bitwarden, 2024)
- In passwords for work, 37% of US employees use their employer’s name. (Keeper Security, 2021)
- Half of IT leaders don’t think passwords are a strong security measure. (Ping Identity, 2022)
- 18.82% of passwords that got cracked consisted of only lowercase letters. (Specops Software, 2024)
Data Breach Statistics
As we said earlier, your password is the key to accessing your sensitive data. Hackers are aware of this so they can use cyberattacks like phishing to steal your passwords. To understand how common data breaches are, here are some password breach statistics.
- In the last 18 months, 25% of individuals were affected by a password breach. (Bitwarden, 2022)
- Only 26% of people report that they’ve never had their password knowingly hacked. (Beyond Identity, 2021)
- About 38% of US residents have gotten their passwords hacked at least once. (Security.org, 2021)
- Over 33.3% of people have tried to guess someone’s password. (Beyond Identity, 2021)
- 12% of people know someone whose password has been breached. (Ponemon Institute, 2020)
- 10% of individuals have accessed their partner’s accounts like social media after learning their password. (Norton, 2022)
- Compromised credentials like passwords make up 63% of social engineering attacks. (Verizon, 2022)
- 37% of tech security employees are concerned about the security of their personal information. (Ponemon Institute, 2020)
- Nearly 60% of tech security specialists report that their customers have experienced account takeovers. (Ponemon Institute, 2020)
- Stolen passwords are the cause of over 80% of web attacks. (Verizon, 2022)
- The personal email accounts of over 23% of people have been compromised at some point. (Beyond Identity, 2021)
- More than 50% of people who have had their account taken over change their password frequently. (Ponemon Institute, 2020)
- The online banking accounts of 18% of people have been hacked. (Beyond Identity, 2021)
- After an account takeover, 35% of individuals start using two-factor authentication (2FA) and multi-factor authentication (MFA). (Ponemon Institute, 2020)
- Over 25% of individuals have gotten their password cracked more than 2 times. (Beyond Institute, 2021)
- 32% of people who had their data stolen report that it was used to commit fraud. (Ponemon Institute, 2020)
- The average cost of a data breach is $4.45 million. (Ponemon Institute, 2023)
- 62% of people with high password fatigue experience more data breaches compared to those with low password fatigue. (Beyond Identity, 2022)
- 34% of people who experienced password breaches were alerted by their password manager. (Bitwarden, 2022)
- 35% of individuals had their accounts taken over by cybercriminals. (Ponemon Institute, 2020)
- Stolen passwords are the cause of 80% of mail server attacks. (Verizon, 2022)
- 18.4% of people who guessed someone’s password correctly looked through the person’s social media account to find information about them. (Beyond Identity, 2021)
- Over 50% of individuals admit to attempting to figure out their partner’s password. (Beyond Identity, 2021)
- Nearly 1 in 4 individuals admit that they try to predict their child’s password. (Beyond Identity, 2021)
- In 85% of data breaches, a human element like phishing and human error was involved. (LastPass, 2021)
- 61% of breaches exploit user credentials. (Verizon, 2023)
- 95% of reported breaches are for financial reasons. (Verizon 2023)
- In 2023, external actors and hackers were responsible for 83% of breaches. (Verizon, 2023)
- Phishing makes up 36% of data breaches. (Verizon, 2020)
- Only 53% of IT managers changed their organization’s password after experiencing multiple data attacks. (Ponemon Institute, 2020)
- 83% of compromised passwords have all the characteristics of strong passwords. (Specops, 2023)
- 31% of employees state that their workplace security habits are somewhat risky. (Bitwarden, 2024)
- 42% of people access personal and work data using public networks which puts them at risk of being cyberattacked. (Bitwarden, 2024)
Personal Password Statistics
Generally, people’s password use differs and changes over time. However, these statistics give you a fair idea of the general public’s password use.
- Typically, people reuse their passwords on 10 separate accounts that belong to them. (Ponemon Institute, 2020)
- Protecting their login credentials is the top concern of 44% of people. (Ponemon Institute, 2020)
- Over 50% of internet users prefer security measures that aren’t passwords. (Ponemon Institute, 2020)
- To secure their online accounts, 36% of individuals use 2FA. (Ponemon Institute, 2020)
- Over 50% of people want to secure their online accounts more. (Ponemon Institute, 2020)
- SMS codes (41 percent), backup codes (40 percent), or mobile authentication apps (37 percent) are the three main 2FA methods for customers. (Ponemon Institute, 2020)
- 69% of people use MFAs while 55% use password managers. (Astra Security, 2023)
- Over 50% of people report that they want to create more secure email passwords. (LastPass, 2022)
- Password generators are used by 27% of internet users to develop random passwords. (Security.org, 2021)
- 13% of people think that MFAs are too expensive. (SANS, 2021)
- Whenever they forget their password, the average person spends about 4 minutes resetting it. (Norton, 2023)
- 37% of people learned about strong passwords by looking it up online. (Beyond Identity, 2021)
- Almost 70% of people want to have stronger bank account passwords. (LastPass, 2021)
- 38% of people think that their life is harder simply because they have to use MFA. (SANS, 2021)
- 60% of people believe that other people’s accounts are less secure than theirs. (Google, 2019)
- Almost 42% of people manage passwords for over 10 websites. (Bitwarden, 2022)
- 89% of people use password-protected WiFi networks. (PC Matic, 2022)
- 79% of individuals use passwords to log in to websites multiple times a day. (Bitwarden, 2022)
- Nearly 70% of people think that the password for their online bank account is secure. (Beyond Identity, 2021)
- Roughly 40% of American experience a special type of fatigue for passwords. (Beyond Identity, 2022)
- 30% of people spent the most time changing their bank passwords. (Norton, 2023)
- 1 in 4 millennials use random password generators for their social media accounts. (Beyond Identity, 2021)
- 68% of people use password managers so they can remember passwords easily. (Security.org, 2023)
- 78% of individuals who experience high password fatigue deal with negative mental health effects. (Beyond Identity, 2022)
- Over 70% of people save their passwords via the cloud. (Beyond Identity, 2022)
- 42% of people have passwords that contain profanity. (Security.org, 2021)
- 61% of people don’t use passwords that contain personal information for work-related accounts. (Ponemon Institute, 2020)
- 74% of password manager users think it’s safe to use. (Security.org, 2023)
- Personal emails are more likely to get compromised. (Beyond Identity, 2021)
- 25% of people have stored their passwords in their browsers. (Security.org, 2023)
- About 70% of individuals admit that they can give their password to their partner. (Beyond Identity, 2021)
- More than 50% of people believe that 2FA interrupts their productivity. (Ponemon Institute, 2020)
- 25% of individuals said they learned more about strong passwords via their employer. (Beyond Identity, 2021)
- 57% of people use modified old passwords. (Security.org, 2021)
- Every month, 34% of people change all their passwords. (Bitwarden, 2022)
- Only 31% of people stopped reusing passwords after getting a cybersecurity education. (LastPass, 2022)
- 37% of internet users let their browsers automatically fill in passwords. (Ponemon Institute, 2020)
- Internet users over the age of 50 tend to have multiple passwords for different accounts. (Google, 2019)
- 70% of people prefer security over easy-to-remember passwords. (Bitwarden, 2021)
Password Statistics for Businesses
Typically, people tend to follow better password practices for their work-related accounts. Here are some business password statistics to see what password use in the workplace is like.
- On average, employees use the same passwords 13 times. (LastPass, 2021)
- 20% of employees state that their employer is responsible for creating work-related passwords. (PC Matic, 2022)
- 63% of individuals think that employers should provide their employees with password managers. (Bitwarden, 2022)
- Nearly 33% of employees create strong passwords for work accounts. (LastPass, 2021)
- Employees can spend up to 36 minutes every single month to type out new passwords. (LastPass, 2021)
- Employees type out login credentials about 154 times each month. (LastPass, 2021)
- About 67% ratio of IT professionals state that their company requires password changes periodically. (Ponemon Institute, 2020)
- Over 75% of employees have regular password-related issues. (LastPass, 2021)
- Seventy-six percent of employees create their own work-related passwords. (PC Matic, 2022)
- On average, employees use 191 varied logins. (LastPass, 2021)
- 60% of people in the US state their workplaces change their password after experiencing a data breach. (Ponemon Institute, 2020)
- 65% of tech professionals believe that in the future, their organization will adopt security authentication measures that don’t require passwords. (Ping Identity, 2022)
- Smaller companies with fewer than 1,000 employees use the same passwords more than bigger companies. (LastPass, 2021)
- 92% of tech professionals think that the mixture of remote and in-person work has made their employees develop bad password practices. (Ping Identity, 2022)
- On average, a 200+ person company uses roughly 45,000+ passwords. (LastPass, 2021)
- Typically, a company loses $450+ worth of productivity every year due to the time employees spend resetting passwords. (Beyond Identity, 2022)
- 23% of employees get their saved passwords via their phones. (LastPass, 2021)
- Employees in the media and advertising industries are more likely to reuse passwords compared to employees in other industries. (LastPass, 2021)
Password Statistics on Managing Passwords
People use different methods to manage their passwords. Some use password managers while others commit their passwords to memory or write them down. Here are some password management statistics to see how the general public manages their passwords.
- 41% of individuals manage their passwords by keeping them in their memory. (Security.org, 2023)
- 28% of people who don’t use password managers think that they aren’t safe. (Security.org, 2023)
- 45 million people use password managers to manage their passwords. (Security.org, 2023)
- Over 25% of people use the master password of their password manager for different accounts. (Security.org, 2023)
- About 35% of people use password managers so that they can use unique passwords for multiple accounts. (Norton, 2023)
- Almost 85% of people have a password manager on their phone. (Security.org, 2023)
- 50% of people who use password managers got it for their private accounts. (Security.org, 2023)
- Nearly 25% of people use a document to keep track of passwords. (Bitwarden, 2022)
- 47% of millennials keep track of their passwords by memorizing them. (LastPass, 2022)
- 70% of people who use password managers use free ones. (Security.org, 2023)
- 10% of people who use password managers spend $1-$20 every year on it. (Security.org, 2023)
- Fewer than 40% of workplaces use a password manager because it’s a requirement. (Ponemon Institute, 2020)
- Over 75% of people change how they manage their passwords after experiencing an account takeover. (Ponemon Institute, 2020)
- 46% of people use password managers for both work and personal use. (Security.org, 2023)
- 30% of people have password managers so that they can easily access their passwords. (Astra Security, 2023)
- 38% of non-users don’t have password management tools because they think their current password management system works fine. (Bitwarden, 2022)
- 38% of IT professionals report that their workplaces don’t use password managers. (Norton, 2023)
- 53% of people admit that they use their memory for workplace accounts accounts while 34% write their passwords down. (Bitwarden, 2022)
Password Reset Statistics
Curious about how poor password practices affect how often people reset their passwords? Here are some password reset statistics.
- 45% of people change their password at least once a year because of incorrect login details. (Beyond Identity, 2021)
- 57% of people immediately forget their password after resetting it. (LastPass, 2021)
- 1 in 5 people reset their passwords several times a week because they forgot the previous one. (Bitwarden, 2021)
- 48% of people are likely to abandon a site that doesn’t let them reuse their passwords. (Beyond Identity, 2021)
- 25% of people who shop online state that they’d abandon their carts of $100 if they had to reset their password at checkout. (Beyond Identity, 2021)
- 76% of people admit that they’ve abandoned their carts at the checkout because they had to reset their password. (Beyond Identity, 2021)
- 18% of individuals reset their work passwords an average of 5 or more times. (Dashlane, 2020)
- 12% of people admit that they would likely use a variation of an old password if they have to reset their password due to login issues. (Beyond Identity, 2021)
13 Tips To Upgrade Your Password Security
If you’re curious about how to improve your passwords, here are some of the best password security tips you can implement.
1. Use a Different Password for All Your Accounts
Reusing the same password is a bad password security practice. It makes it faster for hackers to access all your sensitive data. By using a unique password, you ensure that your other accounts stay secure even if one of them gets hacked. If you find it difficult to create strong passwords, you can use this free password-generating tool to create strong passwords.
2. Avoid Using Public Wi-Fi
Using Public Wi-Fi increases the risk of you getting hacked. So, you should always try to avoid using one. However, if you need to connect to a public Wi-Fi, use a high-quality VPN like ExtremeVPN to keep your online activities anonymous.
3. Don’t Use Private Information to Create Your Password
Most people include their personal information when they’re creating a password. However, it makes it easier for someone to crack/guess your password.
4. Don’t Share Your Password
Sharing your password with other people is another bad password practice. It’s necessary in some cases (for work or your safety) but it should be avoided. This way, your password won’t get compromised.
5. Prioritize the Length of Your Password
Typically, your password length is supposed to be 14-16 characters long. However, most people create passwords below the standard character length. This makes it easier for people to crack/ guess your passwords. By increasing your password length, you can reduce your chances of getting cyber-attacked.
6. Change Your Passwords Frequently
Ensure that you change your password at least every 3 months especially when you experience a data breach. You should also change your password if you haven’t used a particular account in a while or if you log into an account on someone else’s device.
7. Activate a Two-factor Authentication (2FA)
A two-factor authentication is an additional security feature that ensures the safety of your data. It does this by using two different methods to confirm account access. This way, you can decrease the risk of your online account getting hacked.
8. Don’t Write Down Your Passwords
Writing your passwords can prove fatal if it ends up with the wrong password. To safeguard your data and keep track of your passwords, you can try using a password manager instead.
9. Use Unique Characters and Numbers
Using special characters and numbers strengthens the security of your password and safeguards your data from cyberattacks.
10. Use Random Words and Phrases
Using simple words and phrases makes you more susceptible to cyber-attacks. To protect yourself, use random words and phrases in your password.
11. Monitor Your Accounts Regularly
Monitor all your accounts regularly so that you’ll notice suspicious activity on time. This includes unauthorized logins and attempted password resets that you didn’t initiate.
12. Don’t Store Your Password in Your Browser
Passwords shouldn’t be stored in your browsers since they can easily be accessed by hackers. Instead, you can commit your password to memory or use a password manager.
13. Use a Password Manager
Password managers are useful for creating and managing your passwords. Using it also helps you access your saved passwords conveniently.
Conclusion
Having good password practices is essential for protecting your data while surfing the web. Always ensure you create strong and secure passwords and that you store them appropriately. This way, you can keep all your data safe and avoid becoming a password breach statistic.
Need to generate a strong password? Head over to the password generator on our site. It works, is effective, and is completely free to use.