World Password Day 2025 Survey: 72% of Gen Z reuse passwords

This annual global survey of over 2,300 employed adults in the United States, Australia, the United Kingdom, Germany, France, and Japan highlights generational trends in password habits.

View the presentation for a comprehensive exploration of the survey findings.

Gen Z is the first generation to be raised fully online, but their status as digital natives has not made them inherently security conscious. According to the survey, the extent of their online exposure has likely contributed to password fatigue. 35% of Gen Z respondents revealed they never or rarely update passwords after a data breach at a company with which they have an account. Only 10% reported that they always update compromised passwords. When prompted to update a login, 38% of Gen Z and 31% of Millennials only change a single character or simply recycle an existing password. 

Password reuse is rampant, with 72% of Gen Z reusing passwords, contrasting with only 42% of Boomers – a significant generational disconnect. Yet despite their behavior, 79% of Gen Z respondents believe password reuse is risky. 59% of Gen Z also reuse existing passwords when updating an account with a company that has experienced a data breach, compared to just 23% of Boomers. Even more revealing, 55% of respondents have abandoned an account or created a new one simply to avoid going through the password reset process, while 30% of Gen Z often or always forget passwords to important accounts.

More than 80% of younger generations are at least somewhat likely to enable MFA even when it is not required, compared with only 51% of Boomers. This suggests that Gen Z and Millennials may compensate for poor password habits by relying on MFA as a security safety net. MFA is certainly a valuable layer of protection, but it isn’t a substitute for unique, strong passwords. If the password – the first factor – is compromised or weak, the account will remain vulnerable, particularly when MFA is enabled with SMS, which is susceptible to SIM swapping attacks.

Passwords can reveal the nature of interpersonal behaviors. 44% of Gen Z say they’ve changed a streaming service password to remove access from a family member or friend as an emotional response to something they said or did. Credential ownership and digital boundaries are increasingly shaped by personal decisions and relationships, particularly among Gen Z and Millennials, who are more likely to share account access to online platforms. 

Password stress varies across age groups. 62% of Gen Z report some level of stress around managing passwords despite growing up online. When security habits must be maintained across dozens of accounts, even digital natives feel the strain.

At 46%, Gen Z is most likely to use password management software. Yet, insecure sharing habits continue. 25% of Gen Z share passwords via text, 19% share screenshots, and 19% share verbally. Just 13% of respondents report using a password manager to share credentials securely, surfacing a lack of alignment between how passwords are stored and shared. 

On the other end of the spectrum, 67% of Boomers say they don’t share passwords, and just 7% share via text message. Although younger generations are trending toward adopting modern password management and MFA tools, risky behaviors undermine best practices.

While Gen Z shows signs of risk-taking and password fatigue, Gen X reveals another challenge: a lack of confidence in password managers. Only 33% of Gen X use a password manager, trailing behind 39% of Millennials and 46% of Gen Z. 

21% of Gen X admit they don’t know how to set up or don’t trust a password manager, even though they often hold leadership roles and are in the prime of their careers. Although most have general security risk awareness, the contrast of security habits by Gen X highlights an opportunity for enablement and education, particularly for a generation of leaders who influence security policies and behaviors for both the workplace and at home.

Read the full report.

The 2024 Bitwarden World Password Day survey gathered insights from 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to delve into current user password practices. The survey examined password security habits at home and in the workplace, assessed the perceived impacts of phishing and AI on online security, and captured user sentiment towards passkey adoption as an emerging authentication method.

Key findings:

• 36% of global respondents incorporate personal information into their passwords

• Almost a third of respondents (32%) feel unprepared or uncertain about defending against AI-enhanced cyber threats

• 37% view their workplace security habits as risky, with notable percentages storing passwords insecurely (35%) or using weak credentials (39%)

• Although 45% of global respondents are adopting passkeys, there is a lack of understanding (41% are “not very well informed” or “not at all") about their privacy and security benefits

For the third annual World Password Day Survey, Bitwarden surveyed over 2,000 internet users globally (United States, United Kingdom, Australia, Germany, France, and Japan) on their password security practices. Additionally, the 2023 survey included questions about passwordless technology.

Key findings:

• 56% are excited about passwordless authentication options such as biometrics, passkeys, or security keys

• Best practices are still diluted by bad habits, with 85% reusing passwords across multiple sites and 58% relying on memory for their passwords

• 52% use easily identifiable information in their passwords, such as company/brand names, well-known song lyrics, pet names, and names of loved ones

Bitwarden partnered with Propeller Insights to poll over 2,000 consumers in the United States, United Kingdom, Germany, Japan, and Australia. While receptive to the importance of security, individuals continue to struggle with embracing habits that could better protect their data. 

Almost all (90%) of global respondents are ‘somewhat’ or ‘very’ familiar with password security best practices - but does being familiar mean putting into practice? Not quite. 

• A majority of global respondents (84%) reuse passwords across more than 1 site 

• Almost one fifth (21%) of respondents reset their passwords every day or multiple times a week

• Over half (55%) of global respondents rely on their memories to manage passwords

Bitwarden conducted its first World Password Day global survey in 2021 to assess the state of password management and security habits. Over 1600 internet users were polled in the United States, United Kingdom, Japan, and Australia.

Key findings:

• Data breaches run rampant: a quarter globally (24%) report being a victim of a data breach in the last 18 months, with the US reporting the highest percentage (33%)

• Memory has its drawbacks: the majority (59%) rely on their memory to remember passwords, and 56% reset their passwords from as frequently as every day to once a month

• More than half never share passwords for personal or work use