Save Your Data with These Empowering Password Statistics

Ivana Vojinovic

Updated: February 6, 2024

SHARE:

If you’ve ever used number passwords like “123456” or “123455678” to protect an online account, it wouldn’t be surprising if you’ve had a stolen password at some point.

In the age of IoT device proliferation, when your computer and your fridge share data faster than you can imagine, it’s a disgrace for the human race to still rely on passwords like “iloveyou.” 

Unfortunately, too many people still have poor password habits that make it super easy for hackers to access data that doesn’t belong to them. Read on to learn from other people’s mistakes.

Key Password Statistics to Keep in Mind

• Cyberattacks exposed 155.8 million digital records in the United States. (Zippia)
• In the last five years, 39% of people had their passwords compromised. (Forbes)
• In a 2020 report, 56% of internet users would prefer a passwordless method of protecting their identity. (Ponemon Institute)
• Between 20 and 50 percent of all help desk calls are for password resets. (Independent)
• The password “123456” is still used by 23 million account holders. (CBC, NordPass)
• 16% share their passwords with other people in 2023. (Forbes)
• “Eva” and “Alex” are the most common password names. (Cybernews)
• An analysis of over 15 billion passwords reveals that the average password has eight characters or fewer. (Cybernews)
• Abu Dhabi is the most commonly used city name in passwords. (Cybernews)
• In a 2020 survey, 100 passwords per person on average. (Security Brief)

Interesting Facts and Stats About Passwords

It is critical to use strong passwords. They keep your sensitive personal information private by protecting your electronic accounts and gadgets from illegal access. Here are some interesting statistics about passwords.

1. The world’s first digital password for a computer system was created at MIT in 1961.

(Massachusetts Institute of Technology)

The whole conundrum with passwords: coming up with them, remembering them, updating them, began in the 1960s. The first computer password was generated at the Massachusetts Institute of Technology for an early computer system called Compatible Time-Sharing System (CTSS). Passcodes have been around as long as computing itself.

2. 2.2 billion unique emails and passwords were exposed in the “Collection 1-5” data breach in January 2019, and it even increased by a million in 2022 when it tallied 3.2 billion breaches.

(Cybernews)

Data breach statistics warn of a growing number of cyber threats. But credential theft – stealing usernames and passwords is the oldest trick in the book. This type of theft opens endless criminal possibilities for hackers, including opening fraudulent bank accounts, buying things online, or applying for loans. Cybercriminals can also compile credentials and trade them amongst themselves.

3. Cyberattacks exposed 155.8 million digital records in the United States.

(Zippia)

In 2020, cyberattacks exposed 155.8 million digital U.S. records, and approximately 1,001 major data breaches were reported in the United States. Meanwhile, an estimated 30,000 websites are hacked every day around the world.

Furthermore, every year since 2016 — including 2020 — there have been approximately 4,000 international ransomware attacks, representing a 300% increase since 2015.

4. 59% of people relied on their memory to manage passwords in 2020.

(Ponemon Institute)

Given the complexities of securing a modern, mobile workforce, businesses struggle to find simple yet effective methods of protecting employee access to corporate accounts. To access business accounts, 49 percent of IT security respondents and 51 percent of individuals share passwords. Fifty-nine percent of IT security respondents say their organization manages passwords using human memory, while 42 percent use sticky notes. Only 31% of IT security respondents say their company uses a password manager, an effective tool for securely creating, managing, and storing passwords.

5. Between 20 and 50 percent of all help desk calls are for password resets.

(Independent)

According to one survey, password resets account for between 20% and 50% of all helpdesk calls. Then there’s usually a delay before you can log back into your account and return to work. According to other studies, employees spend an average of 11 hours per year remembering or resetting passwords. For large organizations (15,000 or more employees), this can result in a $5.2 million annual productivity loss. 

6. 51% of people use the same password for work and personal accounts.

(First Contact)

Password reuse statistics by First Contact reveal that more than half of internet users don’t bother creating different passcodes for their personal and business accounts. Understandably, this makes it easier to remember them, but it’s making users more vulnerable.

If a hacker cracks your code for a single website, they might get access to all your accounts. Someone who knows your Facebook password can wreak havoc on your personal life. And if the same word or string of numbers unlocks your bank account, you’re putting yourself in financial peril.

7. 78% of Gen-Z users use the same password for several online accounts.

(Americatech)

Personal password reuse is the most common among Generation Z. Over three-quarters of those aged 16 to 24 admit to using the same password across multiple websites. The Harris Poll revealed account password statistics by surveying 3,000 adults in the United States. It has been found that Millennials are in this bad habit, too. 67% of them rely on a single password for several accounts. Baby Boomers are the most conscientious about their online security. Some 60% of people from this age group habitually recycle passwords.

8. In the last five years, 39% of people had their passwords compromised.

(Forbes)

When your password is compromised, you may feel violated. Hackers gain access to personal and private information, allowing them to impersonate you or steal your money. Cleaning up the mess necessitates more than just changing passwords. While social media accounts are the most popular target for hackers, banks and shopping accounts account for 39% of compromised accounts over the last five years.

9. 57% of people who have already been scammed in phishing attacks still haven’t changed their passwords.

(First Contact)

First Contact’s password statistics for 2021 revealed that most internet users who fall prey to phishing attacks keep their passwords unchanged. This puts them at a huge risk of becoming victims of other cyberattacks, especially if they don’t have different passwords for other accounts. The best-case scenario for victims is that they will lose some money. The worst case would be a stolen identity. The consequences of corporate phishing attacks are even more dire. Just one naive employee can open the door to the company network, exposing it to a data breach that would cause thousands of password breaches and other data leaks.

Media and advertising employees manage more passwords than those in any other industry.

10. In a 2020 survey, 100 passwords per person on average.

(Security Brief)

If you work in media or advertising, you can’t live without a password manager. According to the latest password stats, a computer processor remembers passwords for 100 media managers’ and advertisers’ accounts. They manage multiple clients, so they need to memorize more than just their social media passwords. They also use passwords for sites and apps for team communication, project management, and productivity tracking. Government employees also have much to memorize – about 54 different passwords for their work operations.

11. In a 2020 report, 56% of internet users would prefer a passwordless method of protecting their identity.

(Ponemon Institute)

Considering the number of forgotten and stolen passwords, this doesn’t come as a surprise when we look at password hacking statistics. People have a hard time coming up with passwords that work. And when they create strong passcodes, they tend to forget them easily. If we came up with another way of proving our identity when entering websites and software products, six out of 10 users would gladly embrace the change.

12. 30% of mobile-device users never lock their gadgets because re-entering passwords annoys them.

(First Contact)

Some users of mobile phones and tablets are so sick and tired of entering passwords into devices and programs that they avoid it whenever possible. Nearly a third of people who own these gadgets set them up to be accessible without passwords. They might view it as a convenience. However, cybercriminals see it as an opportunity.

Password Security Statistics

The more complicated the password, the better your data will be protected from cyber dangers and hackers. So, how can you ensure that your passwords do not jeopardize your security? Here are some suggestions for creating a secure password that can help protect your data.

13. 16% share their passwords with other people in 2023.

(Forbes)

People still share their passwords, no matter how many times experts tell us not to. There are some valid reasons for this, such as sharing a subscription or requiring family members to access accounts in an emergency. Because passwords are easily forgotten, with 21% saying they have forgotten passwords that are too complex, an increasing number of people are using tools such as Face ID or other biometrics to log in to accounts.

17% of respondents use Face ID to gain access to high-risk accounts. Face ID does not eliminate the need for complex passwords because accounts still require them. It merely reduces the need to remember them.

14. 79% of users created their own passwords by combining different words and numbers.

(Security.org)

The 79 percent of users who generated their own passwords by creating new combinations of words and numbers were slightly more secure. While the methods differed (19% used full sentences, 17% chose randomly from the dictionary, and 13% claimed to roll word dice), they all had the same flaw: real words are recognizable strings that can be cracked more easily.

15. 15% have included a name or date of birth in their passwords for online accounts.

(Security.org)

More than half of people admitted to using familiar names in their passwords, such as their own name or the names of their children or pets. 15% used their own first name as a password! Using meaningful names and numbers facilitates the work of hackers who may already have personal data, whereas sequential keystrokes and “tricky” characters provide little protection from code-breaking programs.

16. The average cost of a digital data breach in the United States is $200,000.

(Zippia)

Even though passwords are important, internet users are annoyed that they keep forgetting them. This is especially true for those who meet the complex password requirements. Other frustrating aspects of safeguarding accounts are answering security questions (35%), entering usernames and passwords (29%), entering a PIN on the phone (19%), and entering a one-time passcode (16%).

17. Over the next five years, cybersecurity costs will rise by 15% annually.

(Zippia)

This year, the global cost of cybersecurity is expected to be around $6 trillion. That figure is expected to rise by at least 15% per year over the next few years, reaching $10.5 trillion by 2025.

18. 83% of people use weak passwords.

(Zippia)

A surprisingly large percentage of Americans do not protect their online accounts after a breach. According to Zippia, weak passwords are used by 83% of people. This includes the 59% of Americans who use their birth date or name as a password.

You might be surprised at how simple it is to crack a weak password. Surprisingly, 17% of the 27% of Americans who have attempted to guess someone’s password have done so correctly. That means that if your password is weak, people have a 63% chance of guessing it.

19. A quarter of Americans admit to having used one of the easy-to-crack passwords like “123456” and “qwerty.”

(Google,CBC,NordPass)

According to password usage statistics, other combinations that have been used by 24% of US adults include: “abc123,” “password,” “welcome,” “admin,” “Iloveyou,” (which was coincidentally the name of one of the most destructive viruses around) and “11111.”

These would not make the unique password list. In a brute force attack, where a computer program tries to guess a password by entering every possible combination of letters and numbers until it cracks it, these number passwords come up very quickly. If a person had the same goal, they would also try these immediately.

20. 45 million Americans use a password manager.

(NetSec)

In 2020, 45 million Americans used a password manager, accounting for approximately 13.5% of the US population. If the survey results represent the entire country, more than 11 million Americans reuse their master password on other accounts.

21. Phishing has affected more than half of all businesses in the United States.

(Zippia)

Approximately 62% of organizations in the United States have been subjected to social engineering and phishing attacks.

Phishing is the practice of attempting to gain access to sensitive information by sending an online scam that appears to come from a reputable source to a company or individual.

22. It only takes 10 minutes to crack a lowercase password that is six characters long, compared to an eight-character password which can be cracked within 22 minutes.

(Avast, World Economic Forum)

If you choose to ignore the recommendations for creating a strong password (a combination of lowercase and capital letters, at least one number, at least one symbol), your password becomes so weak that it takes a computer only 10 to 22 minutes to figure it out, at least according to recent password security stats. To avoid falling into this trap, you should follow these rules: the longer the password, the harder it is to guess. That’s why a combination of four random words that make sense to you – with numbers, signs, and capital letters – make for a password you can remember and one that others can’t crack.

23. The most common food-related password is “pan.”

(Cybernews)

Surprisingly, this accounted for only 1.9%, with about 42 million uses. It appears that the most commonly used food word is either delicious food or delicious beverage. “Ice” could mean “ice cream” or “iced tea” in this context, but since “cream” isn’t in the top 10, it’s most likely the beverage. The fact that “tea” is number two only adds to the theory. They are followed by the words “pie” and “nut.”

24. 65% of people reuse passwords.

(Zippia)

Passwords are reused by 65% of people. This is divided into 52% who reuse passwords on only a few accounts and 13% who reuse the same password on all accounts.

Reusing passwords is especially dangerous because passwords are a popular target for hackers. Passwords are leaked in 64% of all data breaches, which means that just one could put every account at risk for someone who reuses passwords.

25. In 2023, 73% prefer to use smartphones for 2FA.

(Gitnux)

Recent password breaches have inspired business owners to take IT safety more seriously. Most people (73%) prefer smartphones for 2FA, while 17% prefer a built-in authenticator, 5% prefer a smart card, and 5% prefer a single security key.

Because most people prefer to use smartphones as their primary authentication method, businesses can focus on making this method as secure and user-friendly as possible.

Due to the risk of sim swapping, Two-Factor Authentication (2FA) increasingly relies on push notifications (68%) over SMS notifications.

26. An analysis of over 15 billion passwords reveals that the average password has eight characters or fewer.

(Cybernews)

Security experts are always highlighting the importance of lengthy passwords. The more characters there are in a password, the longer it takes to crack. Unfortunately, many internet users prefer shorter, easy-to-remember passwords. Nearly 30% of all passwords consist of eight characters, while six-character passwords are in second place and account for just under 20% of the total number.

Personal Password Statistics

27. 69% of employees share passwords with colleagues.

(Zippia)

This may not appear to be a big deal at first, but it also means that your colleague will have access to your accounts even if they no longer work for you. This can pose significant security risks to you and your company, as there may be several people who are no longer employed who have access to business accounts.

28. 43% of US adults have shared their personal passwords with a partner or family member.

(Google, SpiceWorks)

Sharing a password with a loved one is something nearly half of Americans have done at some point. Google’s US password statistics show that the most popular user credentials to get passed around are the ones used for entertainment, like TV or movie streaming websites. As many as 22% of US adults have given their Netflix or Hulu password to a partner or family member. The second most-shared password is for email accounts (20%) followed by social media (17%) and shopping accounts (17%).

29. 29% of internet users have more password-protected accounts than they can keep track of in 2020.

(Digital Guardian)

When asked how many passwords they have, almost 30% of respondents said, “too many to count.” That’s not a great outcome for global password statistics. About 14% of internet users have more than 25 password-protected accounts, and 28% of respondents have between 11 and 25. Another 30% of internet users said they have less than ten accounts requiring passwords. Too many passwords make people reuse the same one repeatedly, compromising their online security.

30. 31.3% of internet users change their passwords once or twice a year.

(Digital Guardian)

A survey by Digital Guardian suggests that almost a third of internet users reset their passwords infrequently, mostly only when they forget them. This is good news for malicious actors who can exploit credentials for longer periods. Only 17% of respondents change their passwords every few months, while 22.4% change them more than five times yearly. Analyzing the password cracking statistics, it’s evident that as the password resetting frequency increases, the percentage of users who do it declines. When you change your passwords regularly and apply security recommendations, the risk of cyberattacks decreases.

31. Individuals and their devices are increasingly being targeted by cybercriminals.

(shrm)

According to the 2021 Data Breach Investigations Report (DBIR), cybercriminals increasingly target individuals and their devices. Most data breaches (85%) involved a human element (phishing, stolen credentials, and human error). Whereas 36% of breaches involved phishing last year, 11% higher than the previous year.

32. “Eva” and “Alex” are the most common names in passwords in 2023.

(Cybernews)

It’s not uncommon for internet users to use their own name or nickname as part of their passwords. According to a recent study, these names appeared in more than seven million passwords. Other common password names include Anna, Max, Ava, Ella, and Jack.

33. Abu Dhabi is the most commonly used city name in passwords.

(Cybernews)

Many users inject some variation of their city name into their password with “abu”, a likely reference to the UAE capital, being used more than 2.3 million times, we learned from the latest international password statistics. Italy’s Rome isn’t far behind, with just over a million passwords using the name of the eternal city. Interestingly, only two American cities appear in the top 10 list, Austin and New York.

34. Food and beverages appear in just 1.9% of user-generated passwords.

(Cybernews)

A recent study by Cybernews reveals that most people aren’t hungry while creating passwords. Among the 15.2 billion passwords analyzed, only 42 million included food and beverages. The most common is tea with 3.22 million instances, followed by pie with 2.98 million instances. The least popular food-related words in passwords are seasoning margarine, and mayonnaise.

Business Password Statistics

35. 53% believe that using biometrics will improve the security of their company or accounts.

(Ponemon Institute)

In a 2020 survey, most IT security respondents and individuals (55 percent) would prefer a password-free method of account protection. IT security (65%) and individual users (53%) both believe that using biometrics would improve the security of their organizations or accounts. Finally, 56% of individuals and 52% of IT security professionals believe a hardware token would provide better security.

36. 65% of Americans reuse passwords, and many others use weak passwords.

(Zippia)

Password security is in disarray; with 65% of Americans reusing passwords and many others using weak passwords, hackers have an extremely easy time gaining access. By 2022, 81% of company data breaches will result from bad passwords, demonstrating how dangerous our password practices are.

37. Only 15% of IT administrators enforce the use of two-factor authentication.

(LastPass)

LastPass’s password statistics from 2020 indicate that 85% of security specialists do not require multi-factor authentication. This is discouraging since the survey included 47,000 companies from various locations across the globe. Safeguarding company data with more than just passwords is a great additional layer of protection. If more organizations implemented it, there would be fewer data compromises.

38. On average, only 5% of a company’s files are adequately protected against cyber threats.

(Zippia)

When creating a password, users tend to use short words or strings of numbers, mostly omitting capital letters, numbers, and signs. However, a password manager identifies such passcodes as weak, generating long, strong passwords that are hard to crack. This tool benefits a company’s IT security, and its clients’ data safety. What’s unclear is why so few organizations use a password management app.

39. 57% of employees find password management a nuisance that stops them from doing their jobs.

(First Contact)

According to First Contact, when password management in accordance with IT security regulations isn’t enforced by the employer, workers don’t even bother with it.

Instead, employees create common number passwords or easy passcodes to remember, endangering the company data and reputation. That’s why employers must pick up the slack by training their staff on information security and applying stricter password management requirements to end the vicious data-breach cycle.

40. Employees report spending an average of 11 hours per year entering and/or resetting passwords.

(Yubico, Independent)

Password management is time-consuming. Ponemon Institute’s survey found that it takes modern workers almost 13 minutes a week to enter and/or reset passwords for their work apps. Multiply that number by the number of working weeks a year, and you’ll realize that this effort takes employees 10.9 hours annually.

Depending on the number of employees, the cost of lost productivity can add up and surpass the cost of investing in a password manager.

41. 69% of employees share passwords with co-workers to access information.

(First Contact)

Password statistics published by First Contact reveal that too many employees still have the bad habit of sharing their work passwords with their colleagues. The list of recent data breaches explains why this is dangerous. This practice can lead employees to lose their job or cost their company money.

Final Thoughts

Using the same passwords repeatedly can leave you vulnerable to hackers. If a hacker cracks your passwords, they may obtain access to your social media accounts, bank accounts, emails, and other sensitive accounts containing confidential, personal information. You could become a victim of identity theft if someone has access to this information. Thus, creating a strong password is essential.