MENU
GET LISTED
GET LISTED
SHOW ALLPOPULAR CATEGORIES
  • Home
  • Research
  • 55 Important Password Statistics You Should Know: 2024 Breaches & Reuse Data

55 Important Password Statistics You Should Know: 2024 Breaches & Reuse Data

A password is a standard way of authenticating access to digital services and systems. It is supposed to be secret to ensure that only the account owner or those granted rights can view or modify important data. Unfortunately, there are individuals who can be lazy in safekeeping passwords, making their accounts vulnerable to hacking and other attacks.

With the following password statistics, we can see how crucial it is to elect a strong password. Furthermore, there are figures that show how important it is to have proper IT security software for organizational and personal uses.

password statistics - infographic

General Cybersecurity Statistics

Internet users trust enterprises to protect their accounts. Unfortunately, there remain security holes that can lead to breaches. For example, in May 2018, a bug on Twitter stored passwords in plain text.

  • People can have as many as 85 passwords for all their accounts. (Cnet, 2020)
  • 336 million users were affected by a Twitter bug that saved passwords in plain text. (SecureLink, 2021)
  • 70% of consumers are concerned about being a target of a cyberattack. (SecureLink, 2021)
  • Having eight characters in a string makes for a strong password though longer logins are much better. (Cnet, 2020)
  • A 12-character password is 62 trillion times more difficult to crack compared to a 6-character password. (Scientific American, 2019)
  • But a truly strong password would be a 16-character password derived from a set of 200 characters. (Scientific American, 2019)
  • 62% of organizations do not believe they have taken the necessary steps to secure information on mobile devices. (Ponemon Institute, 2020)
  • One-third of malware breaches are caused by password dumper malware. (Verizon, 2020)
  • Multi-factor authentication blocks 99.9% of all attacks. (Microsoft, 2020)

Source: Ponemon Institute, 2020

Password Breach Statistics

The latest cybercrime statistics show that 1.67% of Android malware are password Trojans. The following password breach statistics also demonstrate that there are a variety of ways that cyberattackers can access accounts or obtain passwords.

  • Hackers have published as many as 555 million stolen passwords on the dark web since 2017. (Cnet, 2020)
  • 27% have tried to guess other people’s passwords. (Google, 2019)
  • 17% have managed correct guesses. (Google, 2019)
  • 80% of hacking incidents are caused by stolen and reused login information. (Verizon, 2020)
  • 81% of company data breaches are caused by poor passwords. (TraceSecurity)
  • Hacking attacks using scripts that try to guess usernames and passwords happen every 39 seconds, globally. (WebsiteBuilder.org, 2021)

passwords published on the dark web

Password Management Statistics

Most Popular Passwords

Passwords should be unique to prevent unauthorized access. However, there are exact passwords or password variations that are popular.

  • An analysis showed that there are nearly 10 million variations of the year 2010 being used in passwords.
  • The second most-used year in passwords is the year 1987 with almost 8.4 million variations. (Cybernews, 2021)
  • 1991 is the third most popular year used in passwords. It has nearly 8.3 million recorded use. (Cybernews, 2021)
  • Of the 2.2 billion passwords analyzed, 7% contained curse words. (Cybernews, 2021)
  • “Ass” is used in 27 million passwords, making it the most popular curse word in passwords. (Cybernews, 2021)
  • “Sex” only has over 5 million uses in passwords. (Cybernews, 2021)
  • The “F” word is present in below 5 million passwords. (Cybernews, 2021)
  • “Abu” is the most used city in passwords, with 2.3 million iterations. It most likely stands for UAE’s Abu Dhabi. (Cybernews, 2021)

Source: Cybernews, 2021

Password-Making Habits

People have their own habits when making passwords. But surprisingly, there are habits that span the globe when it comes to creating passwords for online services.

  • Around 50% of Internet users still use the same password for all their accounts. (LastPass, 2021)
  • Older people aged 50+ are more likely to use unique passwords for each online service. (Comparitech, 2020)
  • 60% of people say they get lazy when creating passwords so they use the same passwords often. (MSN, 2021)
  • Disturbingly, 19% of adults in France use one or two passwords for all or almost all of their online accounts. (Proofpoint, 2020)
  • But the case is worse in Japan, as 21% of respondents from the country have the same habit or attitude in password management. (Proofpoint, 2020)
  • Admirably, 40% of respondents from Germany manually enter a different password for every account they have. (Proofpoint, 2020)
  • 44% of US respondents use a password manager to take care of their accounts. (Proofpoint, 2020)
  • 33% of respondents from Spain and Germany rotate the use of 5 to 10 passwords. (Proofpoint, 2020)
  • Two-thirds of people make new passwords that are similar to the ones they already have. (MSN, 2021)
  • 35% of respondents choose convenience over security when electing a password. (SecureLink, 2021)

Common Passwords

Twenty-four percent of Americans have used the following common passwords or another form:

  • abc123
  • Password
  • 123456
  • Iloveyou
  • 111111
  • Qwerty
  • Admin
  • Welcome

Password Practice at Work

Work and personal accounts should be kept separate for security purposes. However, there are still a large number of people who use the same passwords for work and personal logins. On top of that, some workers and even organizations can be lax with regard to password sharing in the workplace. A few password reuse statistics also show that people can fall into the bad habit of reusing passwords across many accounts.

  • 31% of workers use their child’s name or birthday for their passwords. (Keeper Security, 2021)
  • 44% of workers reuse passwords across personal and work-related accounts. (TechRepublic, 2021)
  • 14% of professionals have shared their work passwords with a partner. (TechRepublic, 2021)
  • 11% have done the same with a family member. (TechRepublic, 2021)
  • 34% have shared passwords with colleagues in the same group. (TechRepublic, 2021)
  • 46% of workers said that their company disseminates login information for accounts being used by several individuals. (TechRepublic, 2021)
  • 57% of workers write down passwords on sticky notes. (Keeper Security, 2021)
  • 62% share passwords via SMS and email. (Keeper Security, 2021)
  • 49% note passwords in unprotected plain-text documents. (Keeper Security, 2021)
  • A report shows that employees reuse passwords 13 times on average. (LastPass, 2019)
  • 59% of companies have more than 500 passwords that do not expire. (Varonis, 2021)

reuse of passwords

Password Requirements

Online services require users to create unique and strong passwords. In the process, organizations present certain password requirements that users must meet. Apart from that, they necessitate users to change their passwords frequently.

  • Organizations in the finance sector require users to change passwords 7.17 times per year. However, the frequency of actual password changes is 7.33. (MobileIron & EMA, 2019)
  • High technology is another sector where the actual frequency of password changes is higher compared to the required frequency (7.62 times vs. 5.07 times). (MobileIron & EMA, 2019)
  • Professional services require password change at least 7.03 times per year but people only do it 4.6 times in a year. (MobileIron & EMA, 2019)

Changing Passwords

  • 37% of EU respondents changed their email passwords in the last 12 months. (European Commission, 2020)
  • For mobile banking, 30% of EU residents made changes to their passwords in the same period. (European Commission, 2020)
  • Online games get the least attention for password security, with only 7% changing passwords in the past 12 months. (European Commission, 2020)
  • Concerningly, 31% have not changed passwords for any online service they use during the time. (European Commission, 2020)
  • Only 1 in 5 Americans would change their passwords even after finding out about a bug or a security incident. (SecureLink, 2021)
  • 57% of individuals share their passwords with a significant other but only 11% change their passwords after a breakup. (Google, 2019)
  • 34% of Americans change their passwords regularly.  (Google, 2019)
  • 78% of people had to reset their password in the last three months. Among those, 57% had to do it for work while 78% had to do it for their personal accounts. (Comparitech, 2020)
Chart context menu
View in full screen
Print chart

Download PNG image
Download JPEG image
Download CSV
Download XLS
View data table

Password Changing Behavior in the EU

How many people changed passwords in the last 12 months

Password Changing Behavior in the EU
Email: 37%

Email

37%
Password Changing Behavior in the EU
Mobile banking: 30%

Mobile banking

30%
Password Changing Behavior in the EU
Social networks: 25%

Social networks

25%
Password Changing Behavior in the EU
Shopping sites: 16%

Shopping sites

16%
Password Changing Behavior in the EU
Public service websites: 9%

Public service websites

9%
Password Changing Behavior in the EU
Online games: 7%

Online games

7%
Password Changing Behavior in the EU
None: 31%

None

31%
Password Changing Behavior in the EU
Other: 10

Other

%
Password Changing Behavior in the EU
don't know: 11%

don't know

11%

Source: European Commission, 2020

Designed by

Will passwords die?

Passwords are a major security problem. Despite that, and the numerous authentication models that have been developed, they continue to be ubiquitous. A report once predicted that there would be over 300 billion passwords in use by 2020. That forecast may have come to pass. And that means there are now more than 300 billion passwords at risk.

As the password statistics above showed, even strong passwords can fail. Fortunately, there are safeguards such as multi-factor authentication. Nevertheless, even that is not completely foolproof as cyber attackers have ways to go around or intercept one-time passwords. That is why it is best to always have unique sets of characters for each online service for high security. This means to say people should not reuse passwords or use ones that can be easily guessed by others like birthdays and children’s names.

Moreover, individuals and organizations have to be on guard against cybercrime trends. While new types of cyberthreats do not surface often, various cybercrimes can be popular at any point depending on the situation. Case in point, phishing has become more common because of the COVID-19 pandemic. Thus, everyone must be on guard and take steps to improve cybersecurity.

 

References:

  1. Colby, C., & Profis, S. (2020, August 6). 9 rules for strong passwords: How to create and remember your login credentials. Cnet
  2. Neveux, E. (2021, January 20). Consumer password habits: Concerning, not surprising. SecureLink
  3. Delahaye, J. (2019, April 12). The mathematics of (hacking) passwords. Scientific American
  4. Ponemon Institute. (2020). The 2020 state of passwords and authentication security behaviors report. Businesswire
  5. Google, & Harris Poll. (2019, October 6). The United States of P@ssw0rd$. Google
  6. Verizon. (2020, May 19). SMB data breach statistics. Verizon
  7. TraceSecurity. (2018, August 14). 81% of company data breaches due to poor passwords. TraceSecurity
  8. WebsiteBuilder.org. (2021, March 20). 30 key cybersecurity statistics to be aware of in 2021. WebsiteBuilder.org.
  9. Weinert, A. (2020, August 3). Your Pa$$word doesn’t matter. Microsoft
  10. Crafford, L. (2021, January 25). 7 bad password habits to break now. LastPass
  11. Varonis. (2021, 1). 2021 data risk report: Financial services. Varonis
  12. O’Driscoll, A. (2020, August 28). 25+ password statistics that may change your password habits. Comparitech
  13. Meyer, B. (2021, April 9). Most common passwords: Latest 2021 statistics. Cybernews
  14. Proofpoint. (2020, January). State of the Phish 2020. Proofpoint
  15. The Wake Up. (2021, April 10). Your habits on passwords. MSN
  16. Whitney, L. (2021, April 6). How poor password habits put your organization at risk. TechRepublic
  17. Pollfish, & Keeper Security. (2021, April). Workplace password malpractice report. Keeper Security
  18. LastPass. (2019). 2019 global password security report. LastPass
  19. MobileIron, & EMA. (2019, July). Passwordless authentication: Bridging the gap between high-security and low-friction identity management. MobileIron
  20. European Commission. (2020, January). Special Eurobarometer: Europeans’ attitude towards cyber security. Statista
Jenny Chang

By Jenny Chang

Jenny Chang is a senior writer specializing in SaaS and B2B software solutions. Her decision to focus on these two industries was spurred by their explosive growth in the last decade, much of it she attributes to the emergence of disruptive technologies and the quick adoption by businesses that were quick to recognize their values to their organizations. She has covered all the major developments in SaaS and B2B software solutions, from the introduction of massive ERPs to small business platforms to help startups on their way to success.

Page last modified

Leave a comment!

Add your comment below.

Be nice. Keep it clean. Stay on topic. No spam.

TOP

Why is FinancesOnline free? Why is FinancesOnline free?

FinancesOnline is available for free for all business professionals interested in an efficient way to find top-notch SaaS solutions. We are able to keep our service free of charge thanks to cooperation with some of the vendors, who are willing to pay us for traffic and sales opportunities provided by our website. Please note, that FinancesOnline lists all vendors, we’re not limited only to the ones that pay us, and all software providers have an equal opportunity to get featured in our rankings and comparisons, win awards, gather user reviews, all in our effort to give you reliable advice that will enable you to make well-informed purchase decisions.