2022 World Password Day Global Survey Full Report

• Percentage of people in each region who claim to have experienced a data breach:

  • United States - 31%

  • United Kingdom - 35%

  • Australia - 23%

  • Germany - 19%

  • Japan - 10%
    

• People are paying heed to the headlines: globally, 35% of respondents are more worried about cyberattacks this year than last year.
  

• Trust issues: globally, 28% of respondents are most worried their spouse will be affected by a data breach,

  followed by parents
  at 22%.
  

• Almost all (90%) of global respondents are ‘somewhat’ or ‘very’ familiar with password security best practices - but does being familiar mean putting into practice? Not exactly.

  • A majority of global respondents (32%) reuse passwords across 5-10 sites.

  • Almost one-fourth (21%) of respondents reset their passwords every day or multiple times a week.

  • Over half (55%) of global respondents rely on their memories to manage passwords.
    

• Over two-thirds (68%) of global respondents believe it is more important for a password to be secure than easy to remember - yet over half still rely on their memory to manage passwords. 

  • People know they should be secure, but still try to use their memories. However, there are tools readily available, at no cost, to help them.
    

• Memory is notoriously unreliable: Of the one-third of global respondents who use password managers, a majority (51%) started because they ‘kept forgetting’ their passwords.
  

• 2FA has gone global and this is a win for all: a majority (83%) of global respondents are ‘somewhat’ or ‘very’ familiar with 2FA.
  

• Despite documented data breaches and the

  ongoing risk of cyberattacks
  , password managers in the workplace have yet to truly take off. Only one-quarter (25%) of respondents are required to use a password manager at work.
  

• Proactivity, please: A majority (64%) of global respondents believe workplaces should

  provide employees with a password manager
  to protect credentials.
  

• Globally, most employees (68%) expect to return to the office - and the vast majority (83%) of global respondents believe employers should provide security tools and training specifically for remote work.

  • The sizable number (59%) of UK respondents who rely on ‘memory’ for password management may also explain the 35% who need to reset their passwords every day or multiple times a week. 

  • A notable 35% of UK respondents reset their passwords every day or multiple times a week.

  • Only 10% of Japanese respondents need to reset their passwords every day or multiple times a week.

  • A little over half (52%) of Japanese respondents use 2FA for work accounts, yet 72% use it for personal accounts. In other countries, a higher percentage of respondents use 2FA for work accounts.

  • Less than one-fourth (22%) of Japanese respondents use a password manager - lower than other regions.

Data breaches are a real and ongoing threat. According to the nonprofit

Understandably, this climate is reflected in the below findings. 

• Breaches are real and impact consumers, not just

  big companies
  .
  

• Respondents are most concerned about a spouse being affected by a data breach.
  

• Almost one-fourth (23%) of global respondents have been affected by a data breach.
  

• Over one-third (35%) of UK respondents have been affected by a data breach.
  

• Only 10% of Japanese respondents believe they’ve been affected by a data breach - but 16% also say they aren’t sure or don’t know.
  

• Globally, 35% of respondents are more

  worried about cyberattacks
  this year than last year.
  

• In the UK, 34% are more worried about cyberattacks this year than last year.
  

• In Japan, 34% are more worried about cyberattacks this year than last year.
  

• Globally, 28% of respondents are most worried their spouse will be affected by a data breach, followed by a parent at 22%.
  

• In the UK, respondents are almost equally worried about parents (30%) and spouses (29%) being affected by a data breach.
  

• In Japan, 30% of respondents are most worried about their spouse being affected by a data breach.
  

• Almost one-third (31%) of US respondents experienced a data breach last year, a number comparable to last year’s findings.
  

• Over half (53%) were notified by the organization that was breached.
  

• Over one-third (36%) are more worried about cyberattacks than they were last year.
  

• Almost one-third (31%) are most worried about a spouse being affected by a data breach, followed by a parent (20%) and child (18%).

  • This is a solvable problem.

    Bitwarden 2-person Organizations
    , available for free, enable users to share an unlimited number of passwords with a spouse, partner, or trusted loved one, at no cost.

This section gets to the heart of respondents' attitudes about and behavior with passwords in their personal lives. The findings are both encouraging and inconsistent, in that respondents value security, are very familiar with and use two-factor authentication, and generally use passwords that are the right length. And yet, they still engage in habits that have the potential to stymie the more positive behaviors.

• Two-factor authentication has gone global.
  

• Memories are unreliable, a factor that is driving people to use password managers, and evidenced by the almost quarter of global respondents who reset their passwords everyday or multiple times a day.
  

• People understand the concept of security best practices - but there’s still work to be done.
  

• When it comes to passwords, users believe it is more important a password be secure than easy to remember.
  

• A majority of respondents are managing passwords across 10-25 sites, which may help explain why the majority is also reusing passwords across at least 5-10 sites.

• Over half (60%) of global respondents use passwords that are between 9-15 characters.
  

• Almost all (90%) of global respondents are ‘somewhat’ or ‘very’ familiar with password security best practices.
  

• A majority (83%) of global respondents are ‘somewhat’ or ‘very’ familiar with 2FA.
  

• Almost three-fourths (73%) of global respondents use

  2FA for work
  ; over three-fourths (78%) use it for personal accounts.
  

• Over two-thirds (68%) of respondents believe it is more important for a password to be secure than easy to remember.
  

• A majority 41% of global respondents manage passwords across 10-25 sites.
  

• A majority of global respondents (32%) reuse passwords across 5-10 sites.
  

• Over half (55%) of global respondents rely on their memories to manage passwords.
  

• Over half (53%) of respondents never share their passwords with anyone in their personal life.
  

• Over one-third (34%) of respondents claim to use a password manager.
  

• Eventually, memory reaches its limit: of the one-third of global respondents who use password managers, a majority (51%) started because they ‘kept forgetting’ their passwords.
  

• Almost one-fourth (21%) of respondents reset their passwords every day or multiple times a week.

• 2FA has gone mainstream among consumers - both at home and in the workplace.
  

• When it comes to passwords, users believe it is more important a password be secure than easy to remember.
  

• A majority of respondents are managing passwords across 10-25 sites, which may help explain why the majority is also reusing passwords across at least 5-10 sites.
  

• Over half of US respondents (60%)

  use passwords between 9-15 characters
  . Over a quarter (26%) average between 6-8 characters - even though the ideal length is at least 14 characters.
  

• Over half of US respondents (60%) are ‘very familiar’ with password security best practices.
  

• While 56% of US respondents are ‘very familiar’ with 2FA, 44% are only ‘somewhat familiar’ or had not heard of it at all.
  

• A whopping 79% of US respondents use 2FA for workplace accounts and 77% use it for personal accounts.
  

• A majority of U.S. respondents (67%) believe it is more important for a password to be secure than easy to remember.
  

• A little less than half (41%) of U.S. respondents manage passwords across 10-25 sites.
  

• One-third (33%) of U.S. respondents re-use passwords across 5-10 sites.
  

• Among U.S. respondents, there is an almost even split between those who reset their passwords once-a-month (37%) and those who ‘rarely’ reset their passwords (also 30%).
  

• Almost half of U.S. respondents (49%) rely on their memory to manage passwords.
  

• A little less than half (44%) of U.S. respondents currently use a password manager.
  

• Nearly half (45%) of US respondents never

  share passwords with family and friends
  and over half (57%) never share with work colleagues. This may be due to the fact that the most popular methods for password management (memory, computer document) aren’t particularly conducive towards effective sharing.

• The concept of password security deeply resonates in the UK.
  

• 2FA has gone mainstream at work and at home.
  

• A majority of respondents are managing passwords across 10-25 sites, which may help explain why the majority is also reusing passwords across at least 5-10 sites.
  

• The sizable number of UK respondents who rely on ‘memory’ for password management may also explain the 35% who need to reset their passwords every day or multiple times a week. 
  

• Almost three-fourths (70%) of UK respondents use passwords between 9-15 characters.
  

• Almost all (99%) of UK respondents are ‘somewhat’ or ‘very’ familiar with password security best practices.
  

• Almost all (92%) of UK respondents are ‘somewhat’ or ‘very’ familiar with 2FA.
  

• Most (82%) of UK respondents use 2FA for work, while 81% use it for personal accounts.
  

• A majority (45%) of UK respondents manage passwords across 10-25 sites.
  

• A majority (36%) of UK respondents reuse passwords across 5-10 sites.
  

• A notable 35% of UK respondents reset their passwords every day or multiple times a week.
  

• 59% of UK respondents rely on memory to manage their passwords.
  

• A little less than half (43%) of UK respondents claim to never share their passwords with anyone in their personal life.
  

• Over one-third (37%) of UK respondents currently use a password manager.

The percentage of

• Despite documented data breaches and the

  ongoing risk of cyberattacks
  , password managers in the workplace have yet to truly take off.
  

• One-quarter (25%) of respondents are required to use a password manager at work.
  

• A majority (64%) of respondents believe workplaces should provide employees with a password manager to protect credentials.

• Despite their documented effectiveness, password managers haven’t become a common workplace staple.
  

• Employees want employers to equip them with password manager software.
  

• Only 32% of respondents are required to use a password manager at work.
  

• Of the employees who work for organizations that do not require a password manager, 41% would like their employer to provide password manager software.
  

• Overall, 68% of respondents believe employers should provide employees with a password manager.

• While only one-third are required to use a password manager at work, the majority believe workplaces should take an active role in offering password management tools.
  

• Over one-third (34%) are required to use a password manager at work.
  

• Almost three-fourths (69%) believe workplaces should provide employees with a password manager to protect credentials.
  

• The percentage of Japanese respondents required to use a password manager is small - yet the majority believe workplaces should take an active role in offering password management tools.

• Only 14% of Japanese respondents are required to use a password manager at work.
  

• Over half (56%) of respondents believe workplaces should provide employees with a password manager to protect credentials.

Simply put, respondents want some of the people closest to them - their

Add ‘using a password manager’ to the spouse wish list.

• Over one-third (36%) of US respondents want their spouse to start using a password manager, followed by a parent (selected by 18%).
  

Spouses and parents are highest on the ‘please use a password manager’ wish list.

• Globally, 33% of respondents would most like their spouse to start using a password manager.
  

• In the UK, 38% of respondents would most like their spouse to start using a password manager.
  

• In Japan, 28% would most like their spouse to start using a password manager, closely followed by a parent at 22%.

While there has been much debate about the merits of returning to work versus a hybrid approach versus continuing with remote work, the findings are clear: most people expect to return to the office. But, those who are remote expect to be supplied with the tools and education they need to keep their data protected.

Most employees expect to return to work - and those who are remote expect to be better protected.

• Almost two-thirds (72%) of employees expect to go back to the office full-time.
  

• Most US respondents (85%) believe

  employers should provide security tools
  and training specifically for remote work.
  

Globally, most employees expect to return to work - and those who are remote expect to be better protected.

• Globally, over two-thirds (68%) of respondents expect to go back to the office full-time.
  

• In the UK, 60% of respondents expect to go back to the office full-time.
  

• In Japan, 64% expect to go back to the office full-time.
  

• The vast majority (83%) of global respondents believe

  employers should provide security tools
  and training specifically for remote work.
  

• The vast majority (84%) of UK respondents believe employers should provide security tools and training specifically for remote work.
  

• Almost three-fourths (73%) of Japanese respondents believe employers should provide security tools and training specifically for remote work.