Passwords are the most standard way of authentication on different platforms and systems. As such, they are extremely important in the protection of your data. Data can be very sensitive, and many people don’t get the importance of choosing a strong password that can protect their data from being stolen, so they still use simple passwords such as “qwerty”, “12345678” and similar, which have statistically been proven to be among the worst passwords to choose.
Many websites and apps now require users to follow a certain pattern when creating their account and meet the requirements in terms of capital letters, special characters, a certain number of characters, and other requirements depending on the security policy that the site you are trying to register to has.
While strict rules for password policy help prevent hacks and cyberattacks in the great matter, it’s still not enough, because many websites still don’t have a way to check passwords that is sophisticated enough to prevent data breaches.
Even next to all futureproofed encryption algorithms, password managers, and advanced security tools that help users stay protected online, passwords are still relatively easy to crack. People make a lot of websites that require you to hold an account, and while it’s relatively easy to connect with a Facebook account or Google, it still means sharing your info with platforms you may not like.
Additionally, if you don’t use Facebook or Google accounts to connect to other platforms, we can freely say that an average person has 50 to 100 different accounts to which they can connect. That being said, even with a powerful and reliable password manager, it becomes incredibly difficult to keep up with all the different passwords.
Having the same passwords for different accounts can potentially expose you to the risk of getting multiple accounts hacked.
There are a lot of things about passwords that you probably don’t know. To make yourself feel more secure and confident about your data, continue reading the password statistics we gathered in this article.
You’ll probably feel surprised, or even shocked about some of the data we uncovered. But, you’ll also understand why you need to keep all your passwords secure.
Key Password Statistics to Know in 2024
We highlighted the most important password statistics that you may want to know in 2023. You’ll definitely want to check all your passwords once you’re done reading this!
- The ideal length of characters for a strong password includes 8 or more letters.
- People can use up to 85 passwords for all their accounts
- People who use multi-factor authentication on their accounts can prevent as much as 99.9% of all cyberattacks
- Roughly 50% of all Internet users use the same passwords for all their accounts
- Two-thirds of people will create a password that is similar to the previous one when changing it
- Most popular passwords among 24% of Americans include “Qwerty,” “password” and “123456”
- More than 23 million people use the “123456” password
- Around 15% of people put their first name inside their password
- 9% of people will only change their password if the platform they are registered at prompts them to change it.
- If you place a 12-character password, it’ll take 62 trillion times longer to breach it compared to half as many character passwords.
- Phishing is involved in more than 36% of account breaches in 2020
Detailed Password Statistics for 2024
If you’d like to learn more about password statistics, in more detail, continue reading the statistics below.
6% of People Worldwide Reset Their Passwords Everyday
(Statista)
According to Statista, every day around the world, at least 6% of the population that uses the Internet will change their passwords or reset them due to forgetting them. Over 44% of Internet users change them rarely, while 15% of users will reset them once a week, followed by 34% of online users who will reset their passwords roughly about a month.
The online users were surveyed all across the globe back in April 2022, so this is one of the freshest statistics up to date. While 6% of password resets daily may seem like a lot, it’s still not that concerning, especially if more users are adopting encryption tools to protect their passwords from being breached.
The Password “123456” is One of the Most Popular Passwords in the World
(NordPass)
According to the survey in NordPass, the password “123456” is the most popular password in the world. More than 103 million accounts are secured by this password, which makes a large portion of users around the world.
What’s scarier is that it’s far from the safest passwords in the world, according to the same survey, hackers using mediocre tools for data breaching would take less than a second to penetrate through. That being said, you should consider getting some other password that can be relatively easy to remember, but not contain so many obvious values, and patterns.
Given these widespread statistics, the hackers probably don’t have to use any software to breach the password, all they have to do is feel lucky enough to try the “123456” combination.
Average Password Contains 8 or Fewer Characters
(Dataprot)
Most websites that you’re registering to will require you to come up with a password with 6 characters or more. As the security threats became more frequent and more sophisticated, many platforms wanted to take password security to the next level and require their users to come up with passwords that are at least 8 characters long.
Unfortunately, coming up with an 8-character password on a whim is challenging, because it requires people to think fast, and also come up with a relatively secure solution. Additionally, when typing the password later on phone, it’s significantly easier to type up an 8-character password than that of 12 characters.
That being said, it doesn’t surprise us that on average, online users come up with passwords of 8 characters or fewer. Nevertheless, security experts continue to encourage users to write longer and more secure passwords to avoid data breaches.
Longer passwords are usually harder to crack. Still, as many as 30% of passwords have exactly 8 characters, while the second place belongs to the 6-character passwords which make up to 20% of the total number of surveyed users.
About 45% of USA-based Adult Users Will Change Their Passwords After the Data Breach Took Place
(Google)
Do you remember those chain messages which said that if you don’t change your Facebook password, Facebook will start charging its services monthly? No one fell for that. Unfortunately, following the real data breach, many people decide not to change their passwords and add an extra level of protection.
The same applies to American adult users who in a very great matter don’t follow up with the change of their password following the data breach.
The survey was conducted by Google, which found that nearly every second USA-based adult ignores the emails or security news that informs people if some data breach took place.
First Digital Computer Password Was Created by MIT in 1961
(Dataprot)
If you ever wondered about the history of passcodes, you probably know that they’ve been around for a while, thanks to cryptology and different ways of communicating, especially during World War 2. However, the first-ever digital password that was used as we know it was created at MIT in 1961.
The whole idea of coming up with digital passwords was introduced in 1960, including the importance of remembering the passwords, updating them, deleting them, and others. MIT came up with a password for one of the earliest computers called Compatible Time-Sharing System (CTSS)
Around 51% of People Use the Same Password for Their Work & Personal Accounts
(Dataprot)
Based on the password reuse data, more than half of online users won’t make a difference between the protection they use on their accounts and the protection levels they use on their work accounts. It’s important to separate personal data from work data but seems that every second Internet user doesn’t do that.
Working at home meant that a lot of people may not have the same security of their network at home as they’d do at work, which means that in some smaller and unsecured businesses, they’d be more vulnerable to cyberattacks and data breaches than they’d at home.
That said, a lot of users felt cozy and comfortable enough at home to use the same passwords they’d use on their accounts like Facebook, Instagram, Google, TikTok, and others, to business accounts on data planning, spreadsheet, work email, and other work accounts.
This is a bad practice as a lot of employees are required to sign the NDA document when starting new work, which means that confidential information should never be taken out from the company.
Human factors may contribute to the data breach of your work-related accounts based on the data breach of your account, which can jeopardize the data and all important information about your clients and customers, causing you to break the agreements stated in the NDA document.
While using the same password for both types of accounts may be easier for you, it’s not necessarily safer. Not only does it jeopardize your job position, but it can also be dangerous for your finances, and the finances of all your coworkers, as well as clients.
Over 80% of Data Breaches are Caused by Poor Password Security
(Idagent)
Many companies sign NDA documents with their employees to ensure data confidence when working with sensitive information. That being said, no employee can take out and share confidential information from the company unless permitted.
But, that enough didn’t stop the information leak from various companies that have to deal with huge security expenses and fines every year a data breach occurs. Unfortunately, more than 80% of data breaches in the world are caused because employees don’t choose careful passwords for their tools and accounts, leading to security that is quite easy to compromise.
Companies may pay as much as millions of dollars to correct the damage of data breaches because they have to deal with private info of their clients, plans, and strategies being leaked both online and on the dark web.
You’d be surprised to know that many hacked password databases hang around on the deep web, while hackers either freely share that information or sell it to analytic companies.
About 65% of Americans Can’t Rely on Password Managers
When it comes to securing your passwords with password managers, about 65% of Americans can’t fully rely on them and trust them. It’s interesting to note that 58% of the surveyed Americans about password managers have experienced data breaches, and despite that, they still can’t trust password managers.
Password managers make it convenient to store and encrypt your credentials to different websites and platforms. That way, you can log in to your most-used accounts without having to worry about forgetting your account or having it stolen.
Still, some people who are not well-versed with tech and how security works, find it difficult to trust these tools, suspecting that their developers will leak their data and authentication info and use it to hack them.
The greater risk of a data breach has left a lot of people worried about their data, and that’s for a good reason because a data breach can lead to identity theft, fraud, phishing, damaged credit score, and much more.
Still, there are a lot of safe password managers. There are even tutorials that can help you develop one on your own.
Researchers Believe That All Active Passwords Now Can Be Eliminated in Five Years
(Naratek)
Researchers and other tech experts are actively working on passwordless solutions that will make logging into popular platforms and social media more convenient. If you take a look at your smartphone, you can probably unlock it using your fingerprint or facial recognition. It feels smoother and faster than typing in your pin or a pattern.
Now, the big tech wants to go one step further and use biometrics for authentication, and with passwordless implementation, they can go much further. Researchers believe that they can develop behavior-based authentication which would grant consumers access based on their behaviors, habits, and other patterns that can reveal the personality of the device’s owner. That way, passwords could be put out of use.
Still, this is just a prediction, and it’s not guaranteed that anything like that could become reality in the next five years, at least not that widespread to eliminate the use of all passwords.
Multi-Factor Authentication Will Be Standardized
According to one of the previous statistics that we listed, this shouldn’t be surprising. Many people connect their number to the different apps, which is why they can easily authenticate their accounts in case they forget the password, or prevent someone else from coming in with their phone, which has proved effective in more than 90%.
Many researchers believe that 2022, is when multi-factor authentication will become the norm and that all bigger companies and platforms are starting to adopt this feature to their registration forms.
One of the Most Popular Password in Healthcare is “Vacation”
A lot of doctors, nurses, and other healthcare workers had it hard over the last couple of years. Many worked in heavy suits and eagerly expected vacations that many didn’t have. Even before, the doctor and nurse shifts in the hospitals were tough, so it shouldn’t surprise you that the most popular password in healthcare is “Vacation” as everyone craves it.
65% of People Rely on Fingerprint Scanner or Facial Recognition More Than Passwords
(LastPass)
Smart devices brought us the convenience of using fingerprint scanners and even facial recognition, which is easier and faster than passwords. However, this convenience brought people to think that these two methods are more effective and secure compared to typing in traditional passwords.
The scary bit is that 65% of people believe that these two recognition software are good practice and more secure. While passwords can be breached, as well as patterns, it’s important to note that a strong and reliable password will be more secure than a fingerprint and facial recognition, which can still be breached and tricked.
Employees Reuse a Password 13 Times on Average
(LastPass)
You probably heard about the risks of reusing your password with the same email or username across different platforms. However, despite knowing all the risks, people continue doing it, because they either think that their data is too insignificant, or they simply don’t care.
That’s what LastPass survey discovered, and that’s not encouraging statistics. Employees have various accounts with different tools they use, and if they contain confidential data, breaching those passwords can leave the company with various expenses and risks that it wouldn’t be able to mitigate.
Try to repeat as few passwords as possible. Even better, find a way to securely store passwords and create a unique one for every account that you use. That way, you won’t be exposed to so much risk and could work with confidential data knowing you did everything on your part to secure it.
Survey Found that 79% of People Make Their Passwords By Mixing Words and Numbers
When creating an account, we’re often expected to create a password that would have at least 1 number, or at least one capital letter and sometimes it’s hard to come up with a password that would feel good on us, but also feel good in the process.
Some people feel good about including more than one number or a capital letter in the password, and a survey discovered that about 79% of people prefer mixing letters with numbers in order to create a password that is more reliable and harder to breach.
This may not be as surprising, but it may encourage those who use only one number in their password to mix all the characters up a bit, or even include a few more numbers into the mix. Just avoid using the birthday-related digits, as well as credit card pin and you’re good.
36% of People Develop Bad Password Habits Because They Believe That Their Passwords are Insignificant to the Hackers
(LastPass)
An interesting survey showed that people who develop bad password habits like creating short or not so secure passwords don’t think that their data is important enough to be stolen by hackers, and don’t think that what they keep behind those passwords has any value to them.
What many people don’t know is that hackers could use your data to sell it, train different artificial intelligence models and use that data to make those systems know more about the behavioral patterns online.
More importantly, your data can be used to train hackers and AI alike to hack people who have the same bad password habits but have more important data tied to them which should stay private.
76% of Younger Internet Users Aren’t Worried About Their Password Security
(Dataprot)
The younger generations on the internet, also known as Generation-Z or Gen-Z don’t worry too much about what will happen to their accounts and whether their passwords are secure. However, they mainly don’t worry because they incorporated two-factor authentication in their accounts, which they wholeheartedly trust.
The same statistics have shown that more than three-quarters of the same generation turns on multiple-factor authentication on different platforms that they use.
51% of Employees Have Difficulties Managing Multiple Passwords
(Dataprot/FirstContact)
A survey found that more than half of employees will more likely create common passwords and numeric passwords in order to protect their accounts as they find password management to be a nuisance and hard to remember.
32% of Users Stores Passwords in Browsers
(Dataprot)
It was found that about 53% of surveyed people trust their memory to remember the passwords. On the other hand, around 32% of people save their passwords in browsers, which is not the smartest option. About 26% will save them in different spreadsheets like Microsoft Excel or Google Spreadsheets. About 26% of surveyed users reported also saving their passwords in a notebook or on sticky notes they have in the office.
We earn commissions using affiliate links.
Learn how to stay safe online in this free 34-page eBook.
