Security habits around the world: A closer look at password statistics

With passwords as prevalent as they are,

have sought to shed light on password habits, trends, and challenges for both consumers and enterprises. Maintaining good password habits is crucial for online security, as it involves creating strong passwords and managing them effectively to prevent unauthorized access. Exactly what are these surveys demonstrating? 

For the fifth annual

, Bitwarden polled over 2,000 employed adults in the United States, Australia, the United Kingdom, Germany, France, and Japan on their password security practices, highlighting generational trends in password habits. Here are some of the password statistics:

• 35% of Gen Z respondents revealed they never or rarely update passwords after a data breach at a company with which they have an account

• Only 10% reported that they always update compromised passwords

• When prompted to update a login, 38% of Gen Z and 31% of Millennials only change a single character or simply recycle an existing password

This casual attitude toward compromised accounts extends to general password habits, where the data reveals stark generational differences in security practices. Surprisingly, those who grew up with digital technology exhibit the most dangerous habits, contradicting assumptions about digital nativity and security awareness. The findings paint a picture of younger users caught between understanding cyber risks and struggling with the practical burden of secure password management.

• 72% of Gen Z reuse passwords, compared with only 42% of Boomers – despite this insecure habit, 79% of Gen Z respondents believe password reuse is risky

• 59% of Gen Z also reuse existing passwords when updating an account with a company that has experienced a data breach, compared to just 23% of Boomers

• 55% of respondents have abandoned an account or created a new one simply to avoid going through the password reset process, while 30% of Gen Z often or always forget passwords to important accounts

Although their overall password practices are precarious, younger generations appear more likely to embrace multi-factor authentication (MFA). More than 80% of younger generations are at least somewhat likely to enable MFA even when it is not required, compared with only 51% of Boomers.

While the generational divide in password security is striking, the willingness of younger users to adopt multi-factor authentication suggests there's hope for improving their overall cybersecurity posture. The key may be making secure password management as convenient and intuitive as the additional security layers they're already embracing.

As demonstrated from the World Password Day survey findings, password reuse is a common practice among internet users, with many using the same password for multiple accounts. However, this practice poses significant risks. A single compromised password can lead to unauthorized access to multiple accounts. Reusing passwords can also increase the risk of password breaches, because hackers can use stolen credentials to gain access to other accounts. To mitigate this risk, it’s essential to utilize unique passwords for each account and consider using a password manager to generate and store complex passwords. By avoiding password reuse, individuals can reduce the risk of data breaches and protect their personal and financial information. A password manager is an invaluable tool in this regard because it helps users maintain strong password security across all online accounts.

Weak passwords are a significant vulnerability for both consumer and work online security because they can be easily guessed or cracked by hackers. Common passwords, such as “password” or “qwerty,” are particularly vulnerable to brute force attacks. Additionally, passwords that use only lowercase letters or are less than 12 characters long are also at risk. To create strong passwords, individuals should use a combination of uppercase and lowercase letters, numbers, and special characters.

A

unique and complex passwords for each account. By using strong passwords, individuals can significantly reduce the risk of password breaches and protect their online security.

Also in 2025, Bitwarden surveyed over 3,500 users worldwide for the fifth annual

. The survey ranks privacy tools recommended by the Bitwarden community and gauges user sentiment on data privacy challenges. Among the notable findings, the survey identified clear frontrunners in privacy software categories and pinpointed areas where users continue to struggle with implementation.

• 42% prefer the Brave browser, with Firefox (38%) as the next runner-up

• 51% cite Signal as the number one messaging app, with Telegram (20%) a distant second

• 22% believe enabling two-factor authentication for every account is the most challenging data privacy habit to implement

In addition to password statistics on consumer password behavior, Bitwarden also conducted internal research on password behavior in the workplace.

Enterprise password management is particularly intriguing because most strong surveys typically profile an array of industries and offer an honest assessment from IT security personnel. For example, in the

, the company surveyed IT decision-makers who play a key role in monitoring password health, visibility, and remediation. Usually (90% of the time), respondents ask employees to update their own credentials, and they most often do this through email (42%) or one-on-one conversations (36%), placing the burden on employees to create strong, unique passwords for every account – an impossible task without the aid of a password manager. The survey results paint a sobering picture of workplace password security, revealing both operational inefficiencies and cultural barriers.

• On average, it takes 9 days to update at-risk credentials after detecting an issue

• 68% report that employee motivation is the biggest challenge when implementing password best practices

• Over half of IT managers (51%) report that their employees don’t take cybersecurity measures seriously at all or only somewhat seriously

The

polled over 600 developers to gauge their perceptions about security best practices. The survey revealed attitudes and adoption preferences related to IT security technologies, including secrets management, the cybersecurity risks associated with generative AI, and passwordless authentication. The survey uncovered notable contradictions between developers' security awareness and their actual implementation practices.

• While ‘secure-by-design’ principles are important to developers, 26% claim implementation is too time-consuming and 18% say they’re too understaffed and working under tight deadlines

• 65% of respondents hard-code secrets in source code, and more than half (55%) keep secrets in clear text via spreadsheet or messaging apps

• Over a third (38%) believe AI will pose the biggest cyber threat 5 years from now, followed by ransomware (19%) and poor cyber hygiene (16%)

• A majority (88%) have a highly favorable or favorable attitude towards

  passkeys
  and passwordless features

• FIDO2 and passkeys
  have received attention as a potential password alternative, but just 36% think they will replace passwords

Interested in learning even more password statistics? Visit the

, which features original, third-party survey research and represents the opinions of IT decision-makers, internet users worldwide, and the Bitwarden community. It also includes grade-based evaluations of federal agencies and businesses from the Bitwarden team.

Ready to start using Bitwarden? Quickly sign up for a

or begin a

7-day business trial

to secure your enterprise.