PersonalBusinessDownloadPricingHelpBlogContact
Get Started
Log In
PersonalBusinessDownloadPricingHelpBlogContactBusiness SalesGet StartedLog In
World Password Day Global Survey Full Report background image.

World Password Day Global Survey Full Report

Introduction

This marks the second year of the Bitwarden annual World Password Day survey. The survey, conducted independently by Propeller Insights, surveyed 2,000 internet users globally on how they view and manage their own password security. 

The stats and regional breakdowns below illustrate attitudes towards data breaches, personal password and workplace password habits, and remote work and return to office expectations. The first section, focusing on the big picture, includes some of the most compelling global themes and stats.

While the survey polled respondents in the United States, Germany, the United Kingdom, Australia, and Japan, this current report provides a global overview and focuses on findings from the United States, United Kingdom, and Japan.

Table of Contents

Data Breaches

Password Habits

Workplace Password Practices

Personal Preferences

Return to the Office and Remote Work

Download the full slide presentation.

Big Picture Themes

  • Security best practices are getting through. People prioritize security over ease of use, price, and operating system flexibility. Password manager usage is up - but actions speak louder than words and work remains.

    • Too many people still rely on memory for passwords, reuse them, and need to reset them frequently.

      • Employers should also be more proactive about implementing password security best practices. As people embrace passwords, employers - despite the latest geopolitical realities, data threats, and documented breaches - still shy away from requiring password managers.

  • Memory is notoriously unreliable, a factor that is driving people to use password managers.

Big Picture Stats

  • Percentage of people in each region who claim to have experienced a data breach:

    • United States - 31%

    • United Kingdom - 35%

    • Australia - 23%

    • Germany - 19%

    • Japan - 10%

  • People are paying heed to the headlines: globally, 35% of respondents are more worried about cyberattacks this year than last year.

  • Trust issues: globally, 28% of respondents are most worried their spouse will be affected by a data breach, followed by parents at 22%.

  • Almost all (90%) of global respondents are ‘somewhat’ or ‘very’ familiar with password security best practices - but does being familiar mean putting into practice? Not exactly.

    • A majority of global respondents (32%) reuse passwords across 5-10 sites.

    • Almost one-fourth (21%) of respondents reset their passwords every day or multiple times a week.

    • Over half (55%) of global respondents rely on their memories to manage passwords.

  • Over two-thirds (68%) of global respondents believe it is more important for a password to be secure than easy to remember - yet over half still rely on their memory to manage passwords. 

    • People know they should be secure, but still try to use their memories. However, there are tools readily available, at no cost, to help them.

  • Memory is notoriously unreliable: Of the one-third of global respondents who use password managers, a majority (51%) started because they ‘kept forgetting’ their passwords.

  • 2FA has gone global and this is a win for all: a majority (83%) of global respondents are ‘somewhat’ or ‘very’ familiar with 2FA.

  • Despite documented data breaches and the ongoing risk of cyberattacks, password managers in the workplace have yet to truly take off. Only one-quarter (25%) of respondents are required to use a password manager at work.

  • Proactivity, please: A majority (64%) of global respondents believe workplaces should provide employees with a password manager to protect credentials.

  • Globally, most employees (68%) expect to return to the office - and the vast majority (83%) of global respondents believe employers should provide security tools and training specifically for remote work.

    • The sizable number (59%) of UK respondents who rely on ‘memory’ for password management may also explain the 35% who need to reset their passwords every day or multiple times a week. 

    • A notable 35% of UK respondents reset their passwords every day or multiple times a week.

    • Only 10% of Japanese respondents need to reset their passwords every day or multiple times a week.

    • A little over half (52%) of Japanese respondents use 2FA for work accounts, yet 72% use it for personal accounts. In other countries, a higher percentage of respondents use 2FA for work accounts.

    • Less than one-fourth (22%) of Japanese respondents use a password manager - lower than other regions.

Respondents affected by a data breach
Respondents affected by a data breach
Respondents reuse passwords
Respondents reuse passwords
Memory failure prompts use of password managers
Memory failure prompts use of password managers
Employees expect to return to office
Employees expect to return to office

Data Breaches

Data breaches are a real and ongoing threat. According to the nonprofit Identity Theft Research Center, reported data breaches increased 14% in the first quarter of this year (404, up from 353 in Q1 2021). Almost all (92%) were the results of cyberattacks (versus system or human error). Phishing and ransomware attacks remain the first and second causes of data breaches. 

Understandably, this climate is reflected in the below findings. 

Global Themes for Data Breaches

  • Breaches are real and impact consumers, not just big companies.

  • Respondents are most concerned about a spouse being affected by a data breach.

Global Stats for Data Breaches

  • Almost one-fourth (23%) of global respondents have been affected by a data breach.

  • Over one-third (35%) of UK respondents have been affected by a data breach.

  • Only 10% of Japanese respondents believe they’ve been affected by a data breach - but 16% also say they aren’t sure or don’t know.

  • Globally, 35% of respondents are more worried about cyberattacks this year than last year.

  • In the UK, 34% are more worried about cyberattacks this year than last year.

  • In Japan, 34% are more worried about cyberattacks this year than last year.

  • Globally, 28% of respondents are most worried their spouse will be affected by a data breach, followed by a parent at 22%.

  • In the UK, respondents are almost equally worried about parents (30%) and spouses (29%) being affected by a data breach.

  • In Japan, 30% of respondents are most worried about their spouse being affected by a data breach.

US Stats for Data Breaches

  • Almost one-third (31%) of US respondents experienced a data breach last year, a number comparable to last year’s findings.

  • Over half (53%) were notified by the organization that was breached.

  • Over one-third (36%) are more worried about cyberattacks than they were last year.

  • Almost one-third (31%) are most worried about a spouse being affected by a data breach, followed by a parent (20%) and child (18%).

    • This is a solvable problem. Bitwarden 2-person Organizations, available for free, enable users to share an unlimited number of passwords with a spouse, partner, or trusted loved one, at no cost.

Worried about cyberattacks
Worried about cyberattacks

Password Habits

This section gets to the heart of respondents' attitudes about and behavior with passwords in their personal lives. The findings are both encouraging and inconsistent, in that respondents value security, are very familiar with and use two-factor authentication, and generally use passwords that are the right length. And yet, they still engage in habits that have the potential to stymie the more positive behaviors.

Global Themes for Password Habits

  • Two-factor authentication has gone global.

  • Memories are unreliable, a factor that is driving people to use password managers, and evidenced by the almost quarter of global respondents who reset their passwords everyday or multiple times a day.

  • People understand the concept of security best practices - but there’s still work to be done.

  • When it comes to passwords, users believe it is more important a password be secure than easy to remember.

  • A majority of respondents are managing passwords across 10-25 sites, which may help explain why the majority is also reusing passwords across at least 5-10 sites.

2FA goes global
2FA goes global

Global Stats for Password Habits

  • Over half (60%) of global respondents use passwords that are between 9-15 characters.

  • Almost all (90%) of global respondents are ‘somewhat’ or ‘very’ familiar with password security best practices.

  • A majority (83%) of global respondents are ‘somewhat’ or ‘very’ familiar with 2FA.

  • Almost three-fourths (73%) of global respondents use 2FA for work; over three-fourths (78%) use it for personal accounts.

  • Over two-thirds (68%) of respondents believe it is more important for a password to be secure than easy to remember.

  • A majority 41% of global respondents manage passwords across 10-25 sites.

  • A majority of global respondents (32%) reuse passwords across 5-10 sites.

  • Over half (55%) of global respondents rely on their memories to manage passwords.

  • Over half (53%) of respondents never share their passwords with anyone in their personal life.

  • Over one-third (34%) of respondents claim to use a password manager.

  • Eventually, memory reaches its limit: of the one-third of global respondents who use password managers, a majority (51%) started because they ‘kept forgetting’ their passwords.

  • Almost one-fourth (21%) of respondents reset their passwords every day or multiple times a week.

Frequency of password resets
Frequency of password resets

Big Themes in the US for Password Habits

  • 2FA has gone mainstream among consumers - both at home and in the workplace.

  • When it comes to passwords, users believe it is more important a password be secure than easy to remember.

  • A majority of respondents are managing passwords across 10-25 sites, which may help explain why the majority is also reusing passwords across at least 5-10 sites.

US Stats for Password Habits

  • Over half of US respondents (60%) use passwords between 9-15 characters. Over a quarter (26%) average between 6-8 characters - even though the ideal length is at least 14 characters.

  • Over half of US respondents (60%) are ‘very familiar’ with password security best practices.

  • While 56% of US respondents are ‘very familiar’ with 2FA, 44% are only ‘somewhat familiar’ or had not heard of it at all.

  • A whopping 79% of US respondents use 2FA for workplace accounts and 77% use it for personal accounts.

  • A majority of U.S. respondents (67%) believe it is more important for a password to be secure than easy to remember.

  • A little less than half (41%) of U.S. respondents manage passwords across 10-25 sites.

  • One-third (33%) of U.S. respondents re-use passwords across 5-10 sites.

  • Among U.S. respondents, there is an almost even split between those who reset their passwords once-a-month (37%) and those who ‘rarely’ reset their passwords (also 30%).

  • Almost half of U.S. respondents (49%) rely on their memory to manage passwords.

  • A little less than half (44%) of U.S. respondents currently use a password manager.

  • Nearly half (45%) of US respondents never share passwords with family and friends and over half (57%) never share with work colleagues. This may be due to the fact that the most popular methods for password management (memory, computer document) aren’t particularly conducive towards effective sharing.

Respondents use passwords that are 9-15 characters
Respondents use passwords that are 9-15 characters
Passwords by memory
Passwords by memory
Password manager usage up
Password manager usage up

Big Themes in the UK for Password Habits

  • The concept of password security deeply resonates in the UK.

  • 2FA has gone mainstream at work and at home.

  • A majority of respondents are managing passwords across 10-25 sites, which may help explain why the majority is also reusing passwords across at least 5-10 sites.

  • The sizable number of UK respondents who rely on ‘memory’ for password management may also explain the 35% who need to reset their passwords every day or multiple times a week. 

UK Stats for Password Habits

  • Almost three-fourths (70%) of UK respondents use passwords between 9-15 characters.

  • Almost all (99%) of UK respondents are ‘somewhat’ or ‘very’ familiar with password security best practices.

  • Almost all (92%) of UK respondents are ‘somewhat’ or ‘very’ familiar with 2FA.

  • Most (82%) of UK respondents use 2FA for work, while 81% use it for personal accounts.

  • A majority (45%) of UK respondents manage passwords across 10-25 sites.

  • A majority (36%) of UK respondents reuse passwords across 5-10 sites.

  • A notable 35% of UK respondents reset their passwords every day or multiple times a week.

  • 59% of UK respondents rely on memory to manage their passwords.

  • A little less than half (43%) of UK respondents claim to never share their passwords with anyone in their personal life.

  • Over one-third (37%) of UK respondents currently use a password manager.

Most people are familiar with best practices
Most people are familiar with best practices

Big Themes in Japan for Password Habits

  • 2FA still has room to grow in Japan.

  • Respondents rely less on memory for password management and limit password reset - which may help explain why only 10% need to reset their passwords every day or multiple times a week.

  • A little over half (52%) of Japanese respondents use passwords between 9-15 characters.

  • Close to three-fourths (74%) of Japanese respondents are ‘somewhat’ or ‘very’ familiar with password security best practices.

  • More than half (60%) of Japanese respondents are ‘somewhat’ or ‘very’ familiar with 2FA.

  • A little over half (52%) of Japanese respondents use 2FA for work accounts, yet 72% use it for personal accounts.

  • A majority (44%) of Japanese respondents manage passwords across 10 or fewer accounts.

  • A majority (36%) of Japanese respondents reuse passwords across 1-5 sites.

  • Only 10% of Japanese respondents need to reset their passwords every day or multiple times a week.

  • Less than half (43%) of Japanese respondents rely on memory to manage their passwords.

  • Two-thirds (66%) of Japanese respondents claim to never share their passwords with anyone in their personal life.

  • Less than one-fourth (22%) of Japanese respondents use a password manager.

Workplace Password Practices

The percentage of employers requiring password manager usage in the workplace is objectively small. Despite their documented effectiveness and low cost, password managers surprisingly haven’t yet become a common workplace staple. Employers should pay heed to the fact that employees want to be protected. From a cybersecurity standpoint, it's unlikely things will get much better, so the time to make these changes is now.

Global Themes for Workplace Password Practices

Global Stats for Workplace Password Practices

  • One-quarter (25%) of respondents are required to use a password manager at work.

  • A majority (64%) of respondents believe workplaces should provide employees with a password manager to protect credentials.

Password managers at work
Password managers at work

Big Themes in the US for Workplace Password Practices

  • Despite their documented effectiveness, password managers haven’t become a common workplace staple.

  • Employees want employers to equip them with password manager software.

US Stats for Workplace Password Practices

  • Only 32% of respondents are required to use a password manager at work.

  • Of the employees who work for organizations that do not require a password manager, 41% would like their employer to provide password manager software.

  • Overall, 68% of respondents believe employers should provide employees with a password manager.

Big Themes in the UK for Workplace Password Practices

  • While only one-third are required to use a password manager at work, the majority believe workplaces should take an active role in offering password management tools.

UK Stats for Workplace Password Practices

  • Over one-third (34%) are required to use a password manager at work.

  • Almost three-fourths (69%) believe workplaces should provide employees with a password manager to protect credentials.

Big Themes in Japan for Workplace Password Practices

  • The percentage of Japanese respondents required to use a password manager is small - yet the majority believe workplaces should take an active role in offering password management tools.

  • Only 14% of Japanese respondents are required to use a password manager at work.

  • Over half (56%) of respondents believe workplaces should provide employees with a password manager to protect credentials.

Employer provided password management
Employer provided password management

Personal Preferences

Simply put, respondents want some of the people closest to them - their spouses and parents - to start using password managers. 

Add ‘using a password manager’ to the spouse wish list.

  • Over one-third (36%) of US respondents want their spouse to start using a password manager, followed by a parent (selected by 18%).

Global Themes for Personal Preferences

Spouses and parents are highest on the ‘please use a password manager’ wish list.

  • Globally, 33% of respondents would most like their spouse to start using a password manager.

  • In the UK, 38% of respondents would most like their spouse to start using a password manager.

  • In Japan, 28% would most like their spouse to start using a password manager, closely followed by a parent at 22%.

Respondents want their spouse to use a password manager
Respondents want their spouse to use a password manager

Return to the Office and Remote Work

While there has been much debate about the merits of returning to work versus a hybrid approach versus continuing with remote work, the findings are clear: most people expect to return to the office. But, those who are remote expect to be supplied with the tools and education they need to keep their data protected.

US Themes for Return to the Office and Remote Work

Most employees expect to return to work - and those who are remote expect to be better protected.

  • Almost two-thirds (72%) of employees expect to go back to the office full-time.

  • Most US respondents (85%) believe employers should provide security tools and training specifically for remote work.

Global Themes for Return to the Office and Remote Work

Globally, most employees expect to return to work - and those who are remote expect to be better protected.

  • Globally, over two-thirds (68%) of respondents expect to go back to the office full-time.

  • In the UK, 60% of respondents expect to go back to the office full-time.

  • In Japan, 64% expect to go back to the office full-time.

  • The vast majority (83%) of global respondents believe employers should provide security tools and training specifically for remote work.

  • The vast majority (84%) of UK respondents believe employers should provide security tools and training specifically for remote work.

  • Almost three-fourths (73%) of Japanese respondents believe employers should provide security tools and training specifically for remote work.

Employees expect to return to the office
Employees expect to return to the office
Remote workers want to be better protected
Remote workers want to be better protected

Keep yourself and your company protected

Get started with your own basic free or premium account, or enable your colleagues with a business organization.

Secure Your Business Data with End-to-End Encryption

Choose the right Bitwarden plan for your business and start your free 7-day trial today.

For Teams & Business
Unlimited Users
Upgrade anytime
$
3
per user/month
  • All Premium Features, Plus:
  • Unlimited Collections & Items
  • Directory Connector
  • API access
  • 24/7 Priority Tech Support
For Enterprise
Unlimited Users
Expand anytime
$
5
per user/month
  • All Teams Features, Plus:
  • Self-Hosting Deployment Option
  • SSO Authentication
  • Enterprise Policies
For Teams & Business
Free for Everyone
Every Wednesday at 12 pm ET
See a Live Demo
Join us to see Bitwarden in action.
Language

Products

Resources

  • Resource Center
  • Community Forums
  • Security Compliance
  • Success Stories
  • User Reviews
  • Newsfeed
  • Subscribe to Updates
©2022 Bitwarden, Inc.
Terms Privacy Sitemap