World Password Day Survey 2024

The Bitwarden World Password Day survey, conducted in Spring 2024, gathered insights from 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to delve into current user password practices. The survey examines password security habits at home and in the workplace, assesses the perceived impacts of phishing and AI on online security, and captures user sentiment towards passkey adoption as an emerging authentication method.

View the presentation for a comprehensive exploration of the survey findings.

• 25% of global respondents reuse passwords across 11-20+ sites or apps at home, and 36% incorporate personal information into their passwords, raising concerns about password strength and security.

• A majority of respondents continue to use memory (54%) and pen and paper (33%) for password management, underscoring a reliance on outdated and potentially insecure practices.

• Almost a third of respondents (32%) feel unprepared or uncertain about defending against AI-enhanced cyber threats, highlighting a gap in cybersecurity readiness.

• 37% view their workplace security habits as risky, with notable percentages storing passwords insecurely (35%) or using weak credentials (39%), indicating areas for improvement in organizational cybersecurity practices.

• Although 45% of global respondents are adopting passkeys, there is a lack of understanding (41% are “not very well informed” or “not at all") about the privacy and security benefits of passkeys.

The survey shows that a quarter (25%) of global respondents reuse passwords across 11-20+ accounts, with more than a third (36%) admitting to using personal information in their credentials that is publicly accessible on social media (60%) platforms and online forums (30%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse significantly heighten cybersecurity risks and identity theft. 

There is a critical need for enhanced awareness and education about better cybersecurity habits at home and at work. Despite 60% of users claiming they feel confident in being able to identify a phishing attack and 68% feeling prepared to identify and mitigate AI-enhanced cyberattacks, a substantial number of respondents still resort to risky password management methods. Fifty-four percent of individuals rely on memory and 33% use pen and paper to manage their passwords at home. Nearly half of respondents (41%) reveal they very frequently or somewhat frequently access personal and work data on public networks, increasing their vulnerability.

These behaviors have clear consequences, with nearly a fifth (19%) of global users admitting to experiencing security breaches, and 23% confirming their passwords have been stolen or compromised in the past. This underscores the cognitive dissonance between users’ security postures and their actual practices.

The survey’s findings illustrate that individual password habits at work mirror those at home. The majority of respondents admit to relying on memory (53%) and pen and paper (34%) for their workplace accounts. Almost half (48%) reveal that they somewhat frequently or very frequently reuse passwords across workplace platforms or accounts. 

Additionally, 48% of respondents say they receive regular security training focused on safeguarding login credentials against common threats, citing that they are confident (43%) or somewhat confident (50%) in counteracting those threats. Their behavior, however, paints a different picture with more than a third (37%) classifying their workplace security habits as somewhat or very risky. Though the global average is higher than the US percentage (23%) of respondents classifying their workplace security habits as risky, US users persist in using weak or personal-info based passwords (44%), storing work passwords insecurely (45%), not using 2FA (23%), and sharing passwords insecurely (32%).

Despite password security challenges, the survey reveals encouraging trends, demonstrating that users are increasingly adopting more responsible cybersecurity behaviors. Fifty-one percent of respondents globally (and 56% of US individuals) that have adopted a password manager at home report becoming more security conscious at work, and 45% say they reuse passwords less frequently. This extends beyond personal use, with 28% sharing the benefits of password management software within the workplace. The positive influence of using password managers at work is evident in respondents’ personal lives, with 52% acknowledging increased security awareness at home, alongside a reduced frequency of password reuse (41%). 

Adoption of two-factor authentication (2FA) is on the rise, with 40% of global respondents using it for most personal accounts and a similar percentage (41%) for most workplace accounts. There is growing awareness of its importance as a secondary security layer, with 57% of all respondents using 2FA to enhance their security posture as a result of an increase in phishing attacks. The growing frequency of cyberattacks targeting employees’ credentials has not gone unnoticed either. Sixty-five percent of respondents have made some improvements or have increased safeguards to enhance security posture, showcasing a commitment to stronger cybersecurity practices across personal and professional settings.

Forty-five percent of global survey respondents have adopted passkeys, indicating a continued shift toward passwordless authentication. However, more than forty percent of respondents still lack a full understanding of their security advantages, signaling a need for more education on the security benefits of passkeys over traditional passwords. Despite growing adoption, concerns about privacy and security persist. Users express apprehensions regarding data misuse (31%), monitoring uncertainties (31%), unauthorized access (31%), and secure storage doubts (29%). Transparent communication and strong security assurances are essential to address these issues, boost user confidence, and promote broader acceptance of passkeys.

If organizations adopted passkeys, 62% of respondents feel their trust in their company’s security resilience would increase, and 66% would be more inclined to use passkeys personally if their workplace implemented them. Fifty-one percent of respondents foresee passkeys and passwords coexisting and 17% anticipate passkeys will make passwords obsolete. Regardless of individuals’ outlook on the future of passkeys, a majority (56%) feel the industry needs to enhance its efforts in educating the public about the benefits of passkey technology.

For the third annual World Password Day Survey, Bitwarden surveyed over 2,000 internet users globally (United States, United Kingdom, Australia, Germany, France, and Japan) on their password security practices. Additionally, the 2023 survey included questions about passwordless technology.

Key findings:

• 56% are excited about passwordless authentication options such as biometrics, passkeys, or security keys

• Best practices are still diluted by bad habits, with 85% reusing passwords across multiple sites and 58% relying on memory for their passwords

• 52% use easily identifiable information in their passwords, such as company/brand names, well-known song lyrics, pet names, and names of loved ones

Bitwarden partnered with Propeller Insights to poll over 2,000 consumers in the United States, United Kingdom, Germany, Japan, and Australia. While receptive to the importance of security, individuals continue to struggle with embracing habits that could better protect their data. 

Almost all (90%) of global respondents are ‘somewhat’ or ‘very’ familiar with password security best practices - but does being familiar mean putting into practice? Not quite. 

• A majority of global respondents (84%) reuse passwords across more than 1 site 

• Almost one fifth (21%) of respondents reset their passwords every day or multiple times a week

• Over half (55%) of global respondents rely on their memories to manage passwords

But, there are some encouraging signs. In a world in which almost a quarter (23%) of global respondents have been affected by a data breach, it is exciting to learn that two-factor authentication (2FA) has truly gone mainstream. 

• Most (83%) of global respondents are ‘somewhat’ or ‘very’ familiar with 2FA

• Almost three fourths (73%) of global respondents use 2FA for work

• Over three fourths (78%) use it for personal accounts

Despite well-documented geopolitical tumult and an increased attack surface from remote work practices, password managers in the workplace have yet to truly take off. There is major room for growth here.

• Only 32% of Americans are required to use a password manager at work

• Globally, that number (25%) is even lower

• In both cases, a majority (68% in the U.S and 64% globally) of respondents believe workplaces should provide employees with a password manager to protect credentials

Bitwarden conducted its first World Password Day global survey in 2021 to assess the state of password management and security habits. Over 1600 internet users were polled in the United States, United Kingdom, Japan, and Australia.

Key findings:

• Data breaches run rampant: a quarter globally (24%) report being a victim of a data breach in the last 18 months, with the US reporting the highest percentage (33%)

• Memory has its drawbacks: the majority (59%) rely on their memory to remember passwords, and 56% reset their passwords from as frequently as every day to once a month

• More than half never share passwords for personal or work use