• LinkedIn
  • Twitter
  • Google+
.
|
Launch Pad News
|
23 Password Statistics That May Change Your Password Habits
Posted on April 5, 2023 by

These days, it’s hard to get by without requiring passwords for multiple online accounts. Between work and personal life, the average internet user has dozens of password-protected accounts. Coming up with secure passwords and remembering them all can be a challenge. This goes a long way toward explaining why so many people use weak passwords and the same or similar ones across multiple accounts. If this sounds like you, you’re not alone.

Read on to find out some surprising password statistics and trends that may change the way you handle passwords. If you’d like to bump up your online security, we provide some tips for choosing and managing passwords at the end of this post.

Password statistics and trends
We’ve collected the most interesting password facts and statistics based on recent studies:

1. 75% of Americans are frustrated with passwords
A 2019 study conducted by Google in conjunction with Harris Poll found that keeping track of passwords is a source of frustration for the majority of Americans. A whopping three in four respondents say they struggle with passwords.

2. The most popular passwords are extremely easy to guess
The difficulty in keeping track of multiple passwords leads people to use easy-to-remember (and easy-to-guess) passwords. According to NordPass, the most common passwords in 2022 were:

password
123456
123456789
guest
qwerty

Equally concerning were Google’s findings that almost a quarter (24 percent) of Americans have used some variation of the following weak passwords: abc123, Password, 123456, Iloveyou, 111111, Qwerty, Admin, and Welcome.

Clearly these are all very simple for anyone to guess and so provide very little protection. This is reiterated by Google’s findings: of the 27 percent of Americans who have tried to guess someone’s password, 17 percent have guessed it correctly.

3. 59% use their name or birthdate in their password
Even if people are smart enough not to use the passwords mentioned above, the majority of users polled by Google have included easily discoverable personal information in their passwords such as their name or birthdate.

Other common blunders include using the names of pets, spouses, or children — according to Mozilla, almost 400,000 passwords contained the name “Joshua”, with around 141,000 people including “Isabella” in their password.

4. 43% have shared their password with someone
Almost half of Google respondents reported having divulged a password at some point. Granted, 57 percent of these shared it with a significant other, which makes the statistic easier to digest. However, only 11 percent change their password after a breakup. This could explain why in California 10 percent of survey participants have the password of an ex-partner or former roommate or colleague.

5. 20% have shared their email account password
You’d think that your email account password would be the last thing you’d want to share with anyone, but one-fifth of users polled by Google have done just that. What’s more, 22 percent have shared their password for a streaming site, 17 percent for a social media platform, and 17 percent for an online shopping account.

6. Only 45% would change a password after a breach
According to the Google survey, fewer than half of Americans say that they would change an online account password if they discovered it had been breached. This is in spite of the fact that 40 percent admit their personal information has been exposed online, 47 percent have lost money due to compromised information, and 38 percent have sacrificed time as a result of a data breach.

7. A 12-character password takes 62 trillion times longer to crack than a six-character password
Have you wondered why the length of a password is so important? Every character you add makes it much more difficult to crack. For example, assuming all lowercase characters and a 26 character alphabet, there are around 3 x108 possibilities for a six-character password. On the other hand, as discussed in a Scientific American article, there are around 19 x 1021 possibilities for a 12-character password with lowercase and uppercase letters, numbers, and symbols (say 10 options).

To put it in perspective, if a given computer could crack the six-character password in one second, it would still take more than two million years to crack the 12-character password.

8. 42% of organizations rely on sticky notes for password management
The Ponemon Institute’s The 2020 State of Password and Authentication Security Behaviors Report showed the results of a survey of more than 3,000 individuals and IT specialists. There were some surprising results including the fact that almost half of IT specialists reported that sticky notes are used to manage passwords in their organization.

9. IT professionals reuse passwords more than average users
Another surprising revelation was that password reuse was more common for IT professionals (50 percent of whom admitted to reusing passwords on work accounts) than for other individuals (39 percent of whom were guilty of the same). IT professionals were also almost as likely as other individuals to share passwords with others (51 percent and 49 percent respectively). One of the more shocking statistics was that after experiencing an account takeover, 75 percent of individuals changed the way they protected their accounts and managed passwords, but a much lower percentage (65 percent) of IT specialists did the same.

10. More than half of users would prefer an alternative method to passwords
The Ponemon Institute report found that 55 percent of individuals and IT specialists would like to protect their accounts by an alternative method that doesn’t involve the use of passwords. Most individuals are looking for ease of use on top of better security. 65 percent of IT professionals and 53 percent of individual users believe biometrics offer better security.

11. Over 40 million Microsoft users were found to have reused passwords
In a study that spanned just three months (January to March 2020), Microsoft found that a whopping 44 million of its users had used the same password on more than one account. Microsoft scanned its users’ accounts comparing the usernames and passwords to a database of more than three billion sets of leaked credentials. For users whose details matched a credential set in the database, Microsoft forced a password reset.

12. Almost two-thirds of people use the same password across multiple accounts
Another 2019 Google study in conjunction with Harris Poll found that 13 percent of people reuse the same password across all accounts, and a further 52 percent use the same one for multiple (but not all) online accounts. Only 35 percent use a different password for every account.

This is corroborated by other studies including a 2021 Spycloud study that says 70 percent of people reuse passwords for their personal accounts. This even applies to Fortune 500 employees, 64 percent of whom have the same password on multiple accounts.

13. More than one-third of people have over 20 passwords
According to the HYPR report, 37 percent of people deal with more than 20 passwords, and that’s just in their personal life. 19 percent also have more than 10 passwords for their work life.

In its 3rd Annual Global Password Security Report, LastPass determined the number of work passwords to be much higher at 85 for SMB employees and 25 for workers at larger companies. These numbers depend on industry and country. Media and advertising employees manage an average of 97 work passwords. Belgian workers deal with an average of 100 passwords. Even with these high numbers, only half of businesses offer a single sign-on solution that allows employees to sign in to more than one account with a single password.

14. 42% rely on memory for work passwords
Bitwarden has found that, as of 2022, 42 percent rely on memory to manage their work passwords. Perhaps more worrying, 53 percent had shared a password over email, with just 24 percent saying that they never share passwords.

15. 78% of people have had to reset their password in the last three months
A HYPR study in 2019 uncovered the high rate of password resets. More than three in four users admitted to forgetting a personal password and having to reset it within the past 90 days. This number was quite a bit lower when it came to work passwords, but still, well over half (57 percent) had required a work password reset in the same time period.

16. Employees use the same password an average of 13 times
LastPass found that employees reuse a password an average of 13 times. Reused passwords represent a huge risk as someone with access to one set of stolen or compromised credentials could use them to hack into other accounts.

LastPass breaks down the results by company size, industry, and country. Employees of small businesses are the worst offenders. Those working for companies with 1-25 staff reuse passwords an average of 14 times. Media and advertising companies are by far the most likely to reuse passwords, with an average of a whopping 22 reuses per password.

As for which country is the worst, Canadians lead password reuse with an average of 15 times, closely followed by several countries including Australia and Belgium, where users tend to reuse passwords an average of 14 times.

17. MFA blocks 99.9% of all attacks
If Multi-Factor Authentication (MFA) is enabled on an account, this means you need to complete two or more steps to access it. The multiple factors could be, for example, a password, a text or email code, or biometric solutions.

In a 2019 blog post, Microsoft manager Alex Weinert stated, “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.”

18. More than half of individuals use 2FA
In 2004, Bill Gates predicted the death of the password as he envisioned the mass adoption of more secure systems such as Two-Factor Authentication (2FA). While Gates’ vision hasn’t come to fruition as quickly as expected (passwords are still very much alive), there has been a surge in the awareness and adoption of 2FA in recent years. According to Duo Labs’ 2021 State of the Auth report, which surveyed users in the US and UK, 78 percent of respondents had used 2FA. This figure had jumped from 53 percent just two years prior. The most common type used was SMS authentication, at 85.2 percent. Meanwhile, just 8.1 percent relied upon a hardware token.

19. Employees at 57% of businesses use MFA
According to LastPass, 57 percent of global businesses have employees who use multi-factor authentication. This figure is 12 percent higher than in 2018. The study also found that some countries are more likely than others to use MFA, with Denmark, Netherlands, and Switzerland being the most prominent users.
Usage rates depend on industry and company size too. As expected, technology and software companies are 2FA trailblazers. They are closely followed by the education, banking and financial, and telecommunications sectors. Larger companies are more likely to have employees using MFA than smaller organizations.

20. 2FA still has issues to contend with
According to the Ponemon Institute report mentioned above, there are complaints about 2FA, which could explain why adoption rates aren’t growing even quicker. 23 percent of users find 2FA methods involving mobile authentication apps or SMS to be inconvenient. More than half (54 percent) of these feel they interrupt workflow and almost half (47 percent) are irritated by having to copy and paste temporary codes. 21. Mobile apps boost employee password manager adoption rates
LastPass’s study showed that the rollout of user-friendly mobile apps is encouraging employees to use password managers. Almost a quarter (23 percent) of employees access their password manager vaults on their phones.

21. Regulations are prompting increases in MFA adoption rates
As LastPass points out in its report, regulations such as the EU’s General Data Protection Regulation (GDPR) and the Notifiable Data Breaches (NDB) scheme in Australia are changing the way businesses deal with data and may be responsible for things like better password security and more widespread adoption of MFA.

For example, it is now mandatory for companies under the jurisdiction of the GDPR to disclose data breaches in a timely manner. To support compliance, hefty fines have been issued. One example was Google’s €50 million fine in January 2019 over a user consent matter. And in 2021, an even bigger fine of €746 million was issued to Amazon for non-compliance.

While LastPass can’t directly correlate data to the GDPR rollout, it notes that significant increases in MFA adoption rates in many EU countries are likely tied to the regulation.

22. MFA adoption in Australia increased almost five-fold in one year
LastPass notes that since the introduction of Australia’s NDB scheme, the number of reported breaches increased from just over 100 to almost 1,000. What’s more, the adoption of MFA by businesses in the country increased dramatically from six percent to 29 percent. 24. Just over half of users know what password managers and 2FA are
Google found that only 55 percent of polled users could correctly define the terms “password manager” and “two-step verification.” Somewhat more concerning is that only 60 percent of users could correctly define the term “phishing” and a mere 32 percent knew what all three terms meant.

23. 80% of hacking-related breaches are linked to passwords
Verizon also studied 868 breaches involving hacking. The vast majority (four in five) of these were linked to passwords in some way; they either involved brute force attacks or the use of stolen or lost credentials.

For more information on solutions for running your businesses’ technology more efficiently, visit our website or contact Megan Meisner at mmeisner@launchpadonline.com or 813 448-7100 x210.

This was originally posted by Comparitech. 

Posted in Launch Pad News, TechRecs: Cool Tools & Hot Topics, Small Business IT Management, IT Solutions - Stay Secure
Should You Use Google Password Manager?
What’s the Difference Between Sleep and Hibernate in Windows?

Related Posts

  • What Is Patch Tuesday? Microsoft’s Monthly Update Explained

    On the second Tuesday of each month, Microsoft and other tech companies release patches for
    read more
  • 10 Ways to Save Time on Your Windows 11 PC

    Windows 11 packs many features that you can use to speed up your tasks and
    read more
  • How to Automatically Fix Column Width to Fit Your Data in Excel

    There are numerous ways to change column widths in Excel, but did you know you
    read more
  • Why I Use a Privacy Screen When Working in Public

    Privacy screens are an affordable way to protect yourself from nosy colleagues and strangers whilst
    read more
Logging In...

Profile cancel

Sign in with Twitter Sign in with Facebook
or

Not published

TO WEBSITE >>
launchpadonline.com

CATEGORIES

  • Launch Pad News
  • TechRecs: Cool Tools & Hot Topics
  • Small Business IT Management
  • Small Business Web Strategies
  • IT Solutions – Cloud | Mobile
  • IT Solutions – Stay Secure
  • ITs Easy Being Green
  • RevITup TechCare Client Forum
  • GreenBack Nonprofit Wish List
  • Launch Pad Franchise Forum
  • Launch Pad Partner News

Cloud Computing in Plain English

Copyright © 2026 | Privacy Policy
  • LinkedIn
  • Twitter
  • Google+

Archives

  • January 2025 (1)
  • December 2024 (3)
  • November 2024 (4)
  • October 2024 (2)
  • September 2024 (4)
  • August 2024 (3)
  • July 2024 (2)
  • June 2024 (1)
  • May 2024 (3)
  • April 2024 (4)
  • March 2024 (2)
  • February 2024 (3)
  • January 2024 (4)
  • December 2023 (3)
  • November 2023 (3)
  • October 2023 (3)
  • September 2023 (3)
  • August 2023 (5)
  • July 2023 (3)
  • June 2023 (5)
  • May 2023 (4)
  • April 2023 (3)
  • March 2023 (4)
  • February 2023 (3)
  • January 2023 (3)
  • December 2022 (2)
  • November 2022 (2)
  • October 2022 (2)
  • September 2022 (3)
  • August 2022 (3)
  • July 2022 (2)
  • June 2022 (3)
  • May 2022 (2)
  • April 2022 (2)
  • March 2022 (2)
  • February 2022 (3)
  • January 2022 (2)
  • December 2021 (2)
  • November 2021 (3)
  • October 2021 (3)
  • September 2021 (3)
  • August 2021 (3)
  • July 2021 (2)
  • June 2021 (4)
  • May 2021 (3)
  • April 2021 (2)
  • March 2021 (2)
  • February 2021 (3)
  • January 2021 (2)
  • December 2020 (2)
  • November 2020 (2)
  • October 2020 (4)
  • September 2020 (2)
  • August 2020 (3)
  • July 2020 (2)
  • June 2020 (3)
  • May 2020 (2)
  • April 2020 (3)
  • March 2020 (3)
  • February 2020 (3)
  • January 2020 (4)
  • December 2019 (3)
  • November 2019 (2)
  • October 2019 (4)
  • September 2019 (3)
  • August 2019 (4)
  • July 2019 (2)
  • June 2019 (3)
  • May 2019 (3)
  • April 2019 (3)
  • March 2019 (3)
  • February 2019 (3)
  • January 2019 (4)
  • December 2018 (3)
  • November 2018 (4)
  • October 2018 (3)
  • September 2018 (2)
  • August 2018 (3)
  • July 2018 (3)
  • June 2018 (3)
  • May 2018 (2)
  • April 2018 (3)
  • March 2018 (3)
  • February 2018 (3)
  • January 2018 (3)
  • December 2017 (3)
  • November 2017 (4)
  • October 2017 (3)
  • September 2017 (4)
  • August 2017 (4)
  • July 2017 (4)
  • June 2017 (3)
  • May 2017 (5)
  • April 2017 (4)
  • March 2017 (4)
  • February 2017 (5)
  • January 2017 (4)
  • December 2016 (3)
  • November 2016 (4)
  • October 2016 (4)
  • September 2016 (4)
  • August 2016 (5)
  • July 2016 (4)
  • June 2016 (5)
  • May 2016 (3)
  • April 2016 (4)
  • March 2016 (4)
  • February 2016 (3)
  • January 2016 (3)
  • December 2015 (4)
  • November 2015 (4)
  • October 2015 (3)
  • September 2015 (3)
  • August 2015 (3)
  • July 2015 (3)
  • June 2015 (5)
  • May 2015 (4)
  • April 2015 (6)
  • March 2015 (4)
  • February 2015 (2)
  • January 2015 (5)
  • December 2014 (4)
  • November 2014 (3)
  • October 2014 (8)
  • September 2014 (5)
  • August 2014 (2)
  • July 2014 (3)
  • June 2014 (6)
  • May 2014 (3)
  • April 2014 (6)
  • March 2014 (5)
  • February 2014 (3)
  • January 2014 (5)
  • December 2013 (4)
  • November 2013 (4)
  • October 2013 (6)
  • September 2013 (3)
  • August 2013 (5)
  • July 2013 (6)
  • June 2013 (4)
  • May 2013 (3)
  • April 2013 (4)
  • March 2013 (4)
  • February 2013 (3)
  • January 2013 (5)
  • December 2012 (4)
  • November 2012 (5)
  • October 2012 (5)
  • September 2012 (6)
  • August 2012 (6)
  • July 2012 (6)
  • June 2012 (3)
  • May 2012 (7)
  • April 2012 (6)
  • March 2012 (10)
  • February 2012 (6)
  • January 2012 (5)
  • December 2011 (7)
  • November 2011 (9)
  • October 2011 (4)
  • September 2011 (4)
  • August 2011 (11)
  • July 2011 (14)
  • June 2011 (4)
  • May 2011 (11)
  • April 2011 (8)
  • March 2011 (11)
  • February 2011 (11)
  • January 2011 (21)
  • December 2010 (10)
  • November 2010 (10)
  • October 2010 (8)
  • September 2010 (10)
  • August 2010 (12)
  • July 2010 (8)
  • June 2010 (9)
  • May 2010 (8)
  • April 2010 (7)
  • March 2010 (10)
  • February 2010 (8)
  • January 2010 (6)
  • December 2009 (7)
  • November 2009 (13)
  • October 2009 (11)
  • September 2009 (16)
  • August 2009 (13)
  • July 2009 (16)
  • June 2009 (18)
  • May 2009 (16)