Is your password safe? Password Statistics You Didn't Know

Statistics to question the strength of your password

Reading time icon 8 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Creating a strong password is the first step toward securing your online accounts. 
  • Users generally do not put much effort into creating passwords and often reuse them, leaving multiple accounts vulnerable.
  • The interesting password statistics compiled below will make you wonder whether your passwords are enough to protect your account from cyber attacks. 
password Statistics

From social media to online banking, passwords play a significant role in ensuring that our virtual accounts stay protected from hackers. In fact, according to a LastPass paper, 36% of the users do not improve their password strength believing their account will not be targeted by hackers.

Ironically, we put little or no thought into creating a strong password, our defense against cyber-attacks. In this guide, we have completed the list of interesting password statistics along with password trends that will make you question whether your passwords will stand against hackers and brute force attacks.

What are the most common weak passwords?

Despite password managers gaining popularity, more than half of internet users are guilty of reusing their passwords. But that’s not it!

From the security firm Keeper Security, we learned that 62% of Americans prefer noting down their login credentials in a notebook or journal, which might be a good thing if they keep the paper safe.

However, 82% of them keep it near their work desk and accessible to anyone at home or in the workplace which certainly defeats the purpose of password safety. Not only that but according to, shockingly, 15% of internet users use their first name and 18% use their pet names in the password.

Luckily, nowadays, many of the services and websites don’t accept a password that doesn’t have a capital letter and a special symbol.

However, not all do! According to research from Specops Software, 88% of passwords used in successful attacks consisted of 12 characters or less, and 18.83% of the passwords successfully cracked had only lowercase characters. 

Data breach statistics

Weak passwords are easy to guess and expose your sensitive information, thus becoming vulnerable to ransomware and other attacks.

In Verizon’s Data Breach Investigation Report, 80% of data breaches occur because of weak passwords and enterprise networks are the most vulnerable to these threats.

Another piece of information spawn from a study held by security firm Bitwarden reveals that 1 in 4 people have been affected by a data breach in the last 18 months.

It may seem hilarious but Password, admin, welcome, and p@assw0rd are the most common base terms used by hackers to attack networks across multiple ports. The fact that they target the terms and succeed in breaching the systems successfully tells us that many users are still considering them.

In another blog post by Beyond Identity, we learned that 23% of internet users have had their personal emails hacked at some point in time.

Business password statistics

Organizations generally have sophisticated security protocols and password policies to protect their passwords. However, the remote work culture has created a new set of online security challenges.

If personal data can be dangerously revealing, for businesses, the situation is a lot more critical.

According to a security report released by the Yubico and Ponemon Institute, nearly half of IT security users reuse their personal passwords for workplace accounts. Also, the paper states that 49% of the IT security professionals and 51% of the users admitted to sharing their passwords with colleagues.

Of course, using a two-factor method of authentication will solve this problem but from the same report, we learned that only 35% of them employ this method.

And if the sharing is happening on smartphones and unsecured channels, there is no wonder that the systems get hacked.

Storing the passwords and credentials in spreadsheets is another practice discovered for 46% of IT security and cyber security professionals. You can only Imagine what sharing that spreadsheet may cause to the firm’s security. 

Another research study from Keeper Security reveals that 57% of those participating write down their passwords on sticky notes and 67% of them have lost these notes at some point. Not only that, but 62% of them use text messages and emails to share passwords leaving organizations vulnerable to cyberattacks.

Password security statistics

Internet users are slowly adopting the latest security measures such as two-factor authentications and password management software. If the information above was alarming, we still have some mildly good news as well.

According to the State of the Auth report by Duo Labs, two-factor authentication has been used by 79% of the participants at least once in their lifetime. Also, SMS (85%) and Emails (74.3%) are the two most command methods of Two-factor authentication.

Another encouraging information is that 65% of the users participating in the study now go for biometric methods like fingerprint or facial recognition instead of using traditional passwords.

Aside from two-factor authentication, password managers are a very good way of securing them.

However, according to Bitwarden, 66% of Americans don’t use them in the workplace although 73% think that they should use one. The good news is that 40% of Americans prefer password managers to store passwords with 9% more than the rest of the world population.

Password security by industry

Despite cyber-attacks on the rise, several businesses and industries still do not have proper security practices to secure sensitive information. Keep reading to find out.

Disconcerting enough, the term Password is still one of the most popular choices for passwords across all industries. And also, password, aaron431, 123456, student, and default are the most in the finance industry, according to NordPass.

From the same source, we also found that vacation is one of the most popular passwords in the healthcare industry.

Aside from personal or sensitive data, credit card information is certainly the most critical for any individual or business.

But unsurprisingly, 67% of individuals forget their passwords for online banking platforms, although 68.8% of the participants think that their online banking account’s password is safe, according to Beyond Identity.

In the same report, we found out that only 28.7% of the respondents used a password generator to generate strong passwords for work-related accounts.

If your password is often based on something you are less likely to forget, you are not alone. These statistics will show the trends internet users often stick to when creating passwords.

Apparently, according to a NordPass study, the most commonly used passwords are password, 123456, and 123456789 which unfortunately take less than 1 second to get cracked.

It may seem unusual, but films and TV shows often influence the password-creation process. Batman (2,562,776), Euphoria (53,993), and Encanto (10808) are very popular passwords.

And to top it off, you should know that from the same paper, we learned that Guest, 123456, and password are the most common password used in the United States.

It seems that 57% of the users admit to old password reuse by changing @ for a or 1 for i when changing passwords on a platform, according to

The future of password security

With the rapid advancements in technology, users are now choosing safer password security like biometrics and multi-factor authentication. Let’s take a look.

Until AI takes over our lives and makes it impossible for anyone to guess our passwords and even intent, we still need to struggle with the reality facts.

From the data acquired by Ping Identity, 96% of global IT professionals consider that passwordless authentication would offer a better user experience to employees.

So, the future would seem to rely on biometrics instead of any traditional methods used right now.

In fact, from the study cited above by Yubico and Ponemon Institute, 65% of respondents believe that biometrics would improve the security of their organization.

In the meantime, 42% of respondents from the Duo Laps study use a biometric method of authentication (such as a fingerprint) for at least some platforms and 32% of them have adopted the use of a password manager.

Tips & tricks for improving password security

Here are some valuable tips for you to improve password security so that your online identity stays protected.

  • Have unique passwords – Always create a unique password for each online account having a high password entropy value. Such a password is hard to predict and has a proper mix of uppercase and lowercase letters, digits as well as special symbols.
  • Do not use personal information – Include your personal information like your name, pet’s name, and partner’s name when creating a password is considered a bad habit in terms of online security.
  • Use password manages – Instead of creating memorable passwords, you should start using password managers, a centralized place to store and secure passwords with encryption techniques.
  • Use multi-factor or two-factor authentication – Enable two-factor or multi-factor authentication to add an extra layer of security that prevents unauthorized assess despite password breaches. You should check out these password managers with multifactor authentication
  • Adopt passwordless authentication techniques – Start switching to passwordless methods of authentication such as biometrics, hardware tokens, and OTPs which are more secure alternatives.

Hopefully, you now understand the necessity of using strong passwords and implementing advanced security measures as a defense against hackers and cyber-attacks.

Before you go, you should check out the powerful cyber security tools that are capable of providing complete network protection. 

If you have any queries or suggestions for us, do let us know in the comments section for us.

More about the topics: Cybersecurity