World Password Day Survey 2023

For the third year in a row, Bitwarden surveyed over 2,000 internet users globally (United States, United Kingdom, Australia, Germany, France, and Japan) on how they view and manage their own password security. In a first, the survey explored sentiments around passwordless technology (such as biometrics, passkeys, or security keys). 

For a look at how IT decision makers view credential management and passwordless, see the Bitwarden 2023 Password Decisions Survey.

A majority (56%) of global respondents reported being ‘excited’ about passwordless technology. Of the respondents using passwordless authentication, 50% are or would consider using biometrics such as facial recognition, fingerprint, and voice to represent ‘something you are’ and 27% would prefer a PIN, name, or word for ‘something you know’. Of the 31% who are ‘not excited’ about passwordless technology, 57% prefer their memories over fingerprint or facial ID and 38% are concerned their fingerprint or facial ID will be used against them. But, as the below statistics make clear, management by memory comes with drawbacks. And, although new technologies can be daunting, passwordless authentication is the future. Fortunately, there are ways to live a passwordless life now that should remove some of the anxiety.

This year’s survey found that a fifth (20%) of respondents were affected by data breaches. Fortunately, the vast majority (82%) were prompted to reset their passwords (an ideal number would be 100%!). Respondents were also asked to consider which loved ones were most at risk of a data breach. Twenty percent said a parent, with spouse (19%) trailing a hair behind. As the blog "Bringing Bitwarden Home Home to Mom" explores, getting parents to embrace password security measures can be a tall order, but the peace of mind is well worth it.

The findings also point to a mixed picture when it comes to personal password security habits. Overall, 58% of global respondents rely on their memories to manage passwords for websites, apps, and services at home or at work.

Half (51%) have to reset their passwords because they can’t remember them, including 6% who do so everyday. 

On a positive note, 42% of respondents currently use or have used a password manager. Two-thirds (76%) use passwords that are at least 9 characters - but 52% use easily identifiable information in their passwords, such as company/brand names, well-known song lyrics, pet names, and names of loved ones.

At this point, the use of a password such as ‘password123’ seems like urban lore. Unfortunately, it’s persistently invoked for a reason. As the survey reveals, 19% of respondents have used the word ‘password’ (or another common variation of the word) as their password. A simple way to eliminate this risk? Put that energy into creating a strong and unique master password and let your password manager do the remaining password creation work.

Nearly half (48%) of respondents share passwords. While this common practice can be done safely, the statistics indicate that isn’t happening. Over a quarter (27%) share passwords verbally and 15% do so over messaging/chat services. There are a lot of good ways to use Slack or Microsoft Teams, but sharing passwords isn’t one of them. Employers and employees can share passwords while simultaneously following security best practices.

Of course, passwords change hands outside of the workplace, too. Despite attempted crackdowns by providers, over one-third (36%) share passwords for TV streaming. Around a quarter (24%) share social media passwords and almost a quarter (21%) share banking app and music streaming app passwords. Bitwarden assessed the password security protocols of industry leaders within all the industries featured in this survey question to determine which businesses allow consumers to best utilize strong and unique passwords, and which leave room for improvement where security is concerned. The results may surprise you. Check out The Survey Room for an overview.

The 2023 survey shows momentum around passwordless technology, a positive development for those invested in creating a frictionless, yet still secure, environment. Other laudable trends may be found within the survey, such as findings that point to a sizable percentage of users deploying password managers, using passwords that are at least 9 characters long, and leveraging 2FA to further secure their information. 

Despite that, there is still room for growth. With password reuse remaining common, credential theft has grown in popularity. Equipping users with the tools they need to use strong and unique passwords for sites that require passwords – and passwordless authentication for those that support it – means they are much less likely to suffer the pain of a data breach. In the era of distributed teams, multiple apps, and multiple devices, there’s no better time to use a password manager.

Download the presentation to learn more about password habits, cybersecurity risks, and passwordless authentication.

Bitwarden partnered with Propeller Insights to poll over 2,000 consumers in the United States, United Kingdom, Germany, Japan, and Australia. While receptive to the importance of security, individuals continue to struggle with embracing habits that could better protect their data. 

Almost all (90%) of global respondents are ‘somewhat’ or ‘very’ familiar with password security best practices - but does being familiar mean putting into practice? Not quite. 

• A majority of global respondents (84%) reuse passwords across more than 1 site 

• Almost one fifth (21%) of respondents reset their passwords every day or multiple times a week

• Over half (55%) of global respondents rely on their memories to manage passwords

But, there are some encouraging signs. In a world in which almost a quarter (23%) of global respondents have been affected by a data breach, it is exciting to learn that two-factor authentication (2FA) has truly gone mainstream. 

• Most (83%) of global respondents are ‘somewhat’ or ‘very’ familiar with 2FA

• Almost three fourths (73%) of global respondents use 2FA for work

• Over three fourths (78%) use it for personal accounts

Despite well-documented geopolitical tumult and an increased attack surface from remote work practices, password managers in the workplace have yet to truly take off. There is major room for growth here.

• Only 32% of Americans are required to use a password manager at work

• Globally, that number (25%) is even lower

• In both cases, a majority (68% in the U.S and 64% globally) of respondents believe workplaces should provide employees with a password manager to protect credentials

Bitwarden conducted its first World Password Day global survey in 2021 to assess the state of password management and security habits. Over 1600 internet users were polled in the United States, United Kingdom, Japan, and Australia.

Key findings:

• Data breaches run rampant: a quarter globally (24%) report being a victim of a data breach in the last 18 months, with the US reporting the highest percentage (33%)

• Memory has its drawbacks: the majority (59%) rely on their memory to remember passwords, and 56% reset their passwords from as frequently as every day to once a month

• More than half never share passwords for personal or work use