

15 password statistics that will change your attitude toward them

October 14, 2022
A study by the University of North Georgia reveals that a new cyberattack occurs every 44 seconds. This translates to roughly 2000 cyber attacks per day. Although not all of them are entirely caused by passwords, investing in a more sophisticated means of authentication would surely lower these concerning numbers.

Everything that's wrong with passwords

To highlight issues concerning poor password management and the consequences it brings, we've summed up some insightful password statistics and facts based on fresh studies.

1. A list of the top ten million common passwords available on GitHub reveals that "12345", "password", "12345678", and "qwerty" are the front runners.

Living in a world of passwords has made users insensitive to the security a password is supposed to provide. They take a shortcut and use the simplest strings that are easy to remember, but, more worryingly for enterprises, these are easy to crack as well.

2. 59% of users create passwords containing their names or birthdays.

Although an upgrade from "qwerty", protecting your online and offline accounts with information that is easily found through a quick Google search, such as a name and date of birth, is not much of an improvement.

3. 43% of users shared at least one password with a colleague, friend, or family member.

Password sharing leads to both security and business issues. Netflix is a good example of a streaming platform that lost revenue due to unofficially shared accounts, as well as incurring customer support costs from the password reset tickets that come in when an account is compromised. Moreover, a user with bad intentions who has access to someone else's account could easily compromise access to other services, which often require the same credentials the fraudster already holds.

4. Upon finding out about a data breach, only 45% of users stated that they would change their password.

This information goes to show how counting on the individual user's reaction is not an option. An incident at Slack is a good example of how the post-incident period should be handled. The company sent out a password reset email to all users who were suspected to be affected during the security incident. Although the approach is more reactive than proactive, it was certainly a good decision to take the matter into the company's hands and block access to the service with credentials that are known to be compromised.

5. An IT specialist reuses passwords more often than the average user.

50% of IT professionals state that they reuse passwords across multiple accounts, both business and personal. Also, despite their security knowledge, the same percentage of average users and IT professionals admit to sharing passwords.

6. Only 32% of users can correctly define the terms "password manager", "phishing", and "2FA".

A survey by Google shows a lack of understanding in terms of online security. The users are not provided with enough resources to protect their accounts by implementing standard security measures. With the rapid development and regulation concerning MFA, businesses must ensure that the average user is familiar with additional security measures and benefits provided by 2FA.

7. Four out of five breaches are somehow linked to passwords.

A study by Verizon, concerning breaches involving hacking, states that 80% of breaches are caused by passwords. The most common methods for compromising accounts are lost or stolen credentials and brute force attacks.

8. 55% of users state they would appreciate an alternative authentication method to replace passwords.

A study by Ponemon Institute finds that more than half of the respondents want passwords out of the picture. The research also states what motivates users to switch to alternative authentication methods. They recognize that passwords provide insufficient security levels, they're frustrated with frequent password resets, and they don't enjoy the overall user experience the password provides.

9. 65% of users don't trust websites and systems that rely exclusively on passwords.

The average user is aware of today's cyber security threat landscape. Along with providing a smooth user experience, companies also need to gain the user's trust in the security measures they implement.

10. 52% of users reuse the same password for multiple (but not all) accounts.

In addition, a Google online security survey states that 13% of users use the same password for all accounts, including their email.

11. 59% of financial service companies have more than 500 passwords without expiration dates.

Companies dealing with sensitive data such as personal and financial information need to enforce secure password management policies. Implementing password-based authentication without requiring mandatory password renewals opens doors for brute force attacks based on exposed user credentials. Protecting your account with the same string of characters can soon prove to be a mistake.

12. An industry average for identifying and containing a data breach is 280 days.

That is 280 days spent detecting and mitigating security implications, rather than devoting the same amount of time to building a rock-solid security infrastructure. As mentioned, 80% of data breaches are caused by passwords. By eliminating passwords through the implementation of sophisticated means of authentication, you're investing in bulletproof security and reducing data breach-related costs.

13. According to a survey by LastPass, 57% of users tend to forget the password immediately after resetting it.

Password manager apps come in handy in such cases. But what if a bad actor gains access to the password manager? Moreover, what if the password manager requires another password to protect the ones that are stored on the app? We'd end up in an endless loop of passwords and password managers.

14. 64% of users simply avoid visiting services and web pages for which they forgot their passwords.

LastPass warns that users tend to make a U-turn when they know they won't be able to access an account on their first attempt. They turn to the competition, which may offer more sophisticated means of authentication than the standard password.

15. 65% of survey participants believe that implementing biometrics as a form of authentication would increase the company's overall security.

The same study by Ponemon Institute also reveals that 55% of users have the same beliefs regarding passwordless authentication.

There is a way

The numbers above show that passwords make for a weak security infrastructure and cannot be relied upon. It is no longer a matter of whether an account will be compromised; the question is when the account will be compromised. A proactive approach that simultaneously heightens security, implements MFA, and eliminates passwords lies in passwordless authentication. To get more insight into how passwordless authentication works and what business benefits come with it, take a look at our latest blog post.

In case you're curious, feel free to contact us - zero obligation. Our ASEE team will be happy to hear you out.
