Security habits around the world: A closer look at password security statistics

With passwords as prevalent as they are, numerous studies have sought to shed light on password habits, trends, and challenges, for both consumers and enterprises. Exactly what are these surveys demonstrating? Below, a deeper dive into recent, notable password statistics:

For the third annual World Password Day Survey, Bitwarden polled over 2,000 internet users globally (United States, United Kingdom, Australia, Germany, France, and Japan) on their password security practices. Here are some of findings:

• 19% of respondents said they used “password” as their password

• 52% use easily identifiable information in their passwords, such as company/brand names, well-known song lyrics, pet names, and names of loved ones

• Best practices are still diluted by bad habits, with 85% reusing passwords across multiple sites and 58% relying on memory for their passwords

• A majority (68%) of respondents manage passwords for 10+ sites or apps and yet 84% of respondents reuse passwords

• More than half of respondents forget and reset their passwords on a regular basis

• Around a quarter (20%) were affected by breaches and a majority (80%) were prompted to reset their passwords

• Over half (56%) are excited about passwordless options, and 50% are using or would use ‘something you are’ forms of passwordless authentication

Passwordless options are of interest to consumers, as evidenced by the Bitwarden survey and a recent survey from the FIDO Alliance. Key password statistics:

• 29% of consumers prefer signing in with biometrics (such as fingerprint or face scan) versus 19% who prefer to enter a password manually

• 44% actually use biometrics to sign into accounts, although 64% also still enter their passwords manually

• 69% of respondents report that their most frequently used password is at least a year old

While consumers are clearly still reliant on passwords, they show an appetite for options with less friction or dependence on memory. Of course, that dependence on memory could also be negated with the use of a password manager, which allows consumers to easily create strong and unique passwords for a seemingly endless array of sites. 

In addition to password statistics about consumer password behavior, Bitwarden also collected internal research about password behavior in the workplace. Enterprise password management is particularly intriguing because most strong surveys typically profile an array of industries and offer an honest assessment from IT security personnel. For example, in the third annual Bitwarden 2023 Password Decisions Survey, the company polled IT decision-makers who play a key role in enterprise purchasing decisions. Key password statistics:

• Password management software remains popular - but so do risky practices such as writing down passwords or saving them on spreadsheets. While 84% of respondents use pass

• Most (66%) of IT decision makers share passwords through a password manager but a sizable number also share via email and online documents word management software, 45% also rely on their memories

• A large majority (79%) want their employer to require employees to use the same password manager across the organization

• Almost all (92%) use 2FA in the workplace

• 60% reported experiencing a cyberattack, up from 54% last year

• Around half (49%) are deploying or have plans to deploy passwordless tech; 51% of those are relying on the ‘something you are’ (biometric factors, facial recognition, fingerprint, voiceprint) form of passwordless authentication

Another recent survey from hardware authentication security key provider Yubico revealed MFA trends among enterprises. In its poll of 500 IT leaders in the US and Canada, Yubico found - in line with Bitwarden’s own data breach finding - 59% of businesses reported a breach within the last year. Other password statistics:

• A little less than half (46%) of respondents protect their enterprise applications with MFA  

• Almost three quarters (74%) have some level of concern about the security of SMS or push-based authentication

• In general, the least secure methods of authentication such as passwords and SMS-based MFA are deployed most frequently

• 69% of respondents have some level of concern about the security of SMS or push-based authentication

Interested in learning even more password statistics? Visit the Bitwarden Survey Room, which features original, third-party survey research and represents the opinions of IT decision makers, internet users across the globe, and the Bitwarden community. It also includes grade-based evaluations of federal agencies and businesses from the Bitwarden team.

Ready to start using Bitwarden? Quickly sign up for a free personal account or begin a 7-day business trial to secure your enterprise.