These in-depth password statistics will inform you about the importance of weak passwords, which are the leading cause of data breaches and cyber attacks.
Surprisingly, many still use easily-guessable passwords for their online accounts, even those with sensitive information.
Besides being weak, people use the same password for multiple accounts, becoming an even easier target. Keep in mind that a six-character password is still very easy for a computer to crack.
By living our lives in the digital space more than ever, strong passwords are necessary.
In this article, you’ll learn about how many passwords an average person has, our password habits, password management, etc.
Don’t be a victim – sort out your passwords now!
This post covers:
- How Many Passwords Does An Average Person Have?
- Password Habit Statistics
- Weak Password Statistics
- Password Manager Statistics
- Password Data Breach Statistics
- Other Interesting Password Stats and Trends
Password Statistics (Our Top Picks)
- An average person has approximately 100 passwords
- “Password” is the most common password globally
- Sports teams, movie characters and food are the most commonly used for passwords
- 30% of US and UK people find resetting passwords as stressful as retiring
- 40% of US respondents remember their passwords by heart
- 6-character passwords are easy to crack
- Global password management market to reach $3+ billion by 2025
- 30% of users are victims of data breaches because of weak passwords
- The biggest data breach affected almost 11 billion user records
How Many Passwords Does An Average Person Have?
1. An average person has approx. 100 passwords (really?!)
I’d say ten, max twenty, but 100? Research by NordPass reported that an average person has around 100 passwords. Not just that, but a similar study from a year prior found that people had between 70-80. So that’s about a 25% increase in the number of passwords that we have.
New account for this, new account for that – oh hey, two more passwords to remember or store in the manager.
2. “Password” is the most common globally
NordPass revealed that at a count of nearly five million, “password” is the most popular password around the world. This applies to both men and women.
Okay, I never even thought of using “password,” so that’s something new to me.
The second and third most popular passwords are “123456” (1.5+ million uses) and “123456789” (410K+ uses).
Among the 200 most popular passwords, “124578” and “bonjour” are the least popular.
3. Most popular passwords by country
At least Taiwan and the United States are a little more creative. The rest are boring.
Password Habit Statistics
4. Sports teams, movie characters and food items are the most commonly used for passwords
Nope, pizza isn’t the first on the list of most common food-related passwords – in fact, it is in sixth place. The first is fish, the second poke and the third is rice.
Among sports teams, people like using Red Star Belgrade and Detroit Red Wings as a password the most.
What about movie-related ones? Leon, Coco, Joker, Matrix and Starwars. I was certain that something related to LoTR would also be on the list.
Okay, here’s one more; can you guess which swear word is the most popular? Yup, it’s “fuck.”
5. 30% of US and UK people find resetting passwords as stressful as retiring
Nearly one-third of the US and UK population find resetting their passwords as stressful as retiring. Moreover, the US and UK people compare falling victim to a data breach (which includes stolen passwords) as stressful as losing a wallet or facing an illness.
Is it really THAT bad?
6. 80% of US and UK users say that managing passwords is somewhat difficult
Eight out of ten people in the United States and the United Kingdom find managing passwords (somewhat) difficult. And 30% of the US respondents and 50% UK say it’s challenging to remember multiple unique passwords.
Some password management challenges are having too many accounts, finding it hard to remember which password belongs to which account and creating complex passwords.
7. 70% say that the more sensitive the info, the stronger the password should be
More than two-thirds of users agree that the more sensitive and vulnerable the information is, the more strong the password should be.
People’s most valuable accounts are those of their banks or financial institutions. Second and third are their email and big online store accounts, like Amazon and eBay. Users fear that if these platforms get hacked, they’ll lose money.
But accounts related to entertainment, health, sports, productivity and transportation aren’t far back in terms of fear of losing money.
Don’t miss these scary hacking statistics – taking online security seriously is a MUST.
8. 40% of US respondents remember their passwords by heart
Almost 40% of the US respondents reported they remember (all) their passwords by heart. On the contrary, one-third of them said they use a password manager tool to manage and store their passwords. The final third writes them down.
9. 53% of US users create unique passwords for each social media account
More than half of the US users take time to create a unique password for all their social media accounts to stay protected. Moreover, 47% of them say they reuse the same passwords across multiple social accounts.
Weak Password Statistics
10. Millions of people around the world still use weak passwords
According to NordPass’s look at the 200 most common passwords in 2022, we can see that the most common variations are very weak. Either they use a simple (overused!) word or a string of (too obvious!) numbers, which all take less than a second to crack.
11. 6-character passwords are easy to crack
Any password that consists of up to six characters is a piece of cake to crack for a computer. Even if you use at least one uppercase later, a number and a symbol. I bet this will make you want to rethink your passwords from now on.
As soon as you use eight characters that aren’t all lowercase, that situation changes significantly in your favor.
But (!), it will take a computer 34,000 years to crack if you use a twelve-character password containing at least one uppercase letter, a number and a symbol.
12. Don’t use your favorite Premier League team as a password (easily hackable)
Hundreds of thousands of UK people use their favorite Premier League team names as a password, which are effortless to crack by cyber criminals.
The most common team names used in passwords are (in numbers of people using them):
- Liverpool, 280,000+
- Chelsea, 216,000+
- Arsenal, 179,000+
- Manutd, 59,000+
- Everton, 46,000+
13. Almost 30% of US adults use the same password for all their accounts
More men than women use the same password across all their accounts. 28% of adults use the same password, while 22% use different ones.
Moreover, adults aged 18 to 34 are the least concerned about password security, thus sticking to the same password to access their accounts and profiles. But only 2% of the people aged 55+ use the same password.
14. The second most popular and weakest LinkedIn password is “linkedin”
It’s shocking how weak most common passwords are, so no wonder why so many people’s accounts get hacked as easily as saying ABC.
According to a LinkedIn hack from 2012, “123456” was the most popular password (used by 753,000+ accounts), followed by “linkedin” (172,000+ accounts) and “password” (144,000+ accounts).
Password Manager Statistics
15. 38% of people don’t use a password manager because they have a system
The biggest reason for not using a password manager is “My current system works.” I’m one of those!
The other four most common reasons people avoid a password manager are:
- Not interested in paying for password protection
- Not knowing which tool to use
- Worry that the password manager will get hacked
- Not knowing how to start using it
16. But what’s the main reason for using a password manager?
Half the people worldwide say using a password manager tool seems like a great way to (finally) protect their digital information.
See the table below for the other five main reasons why people opt for a password manager.
|Reason to use a password manager||Share of respondents|
|Using it at work||31%|
|Heard/read about it in the news||22%|
|Sharing passwords with friends||16%|
|“I was hacked”||15%|
17. Global password management market to reach $3+ billion by 2025
According to Statista, the password manager market was estimated at $2+ billion in 2022 but is expected to grow to over $3 billion by 2023.
This makes sense since we have more and more passwords to juggle each year, and remembering them all by heart isn’t an option anymore. Come on, can you really remember 100+? Well, I cannot.
18. 51% of Android users don’t use a password manager
Although the survey was done in selected countries, it was still found that 51% of Android and 60% of Windows users don’t have a password manager. But it’s way likelier for an Apple device user to have a password manager on their iPads and MacBooks.
19. 20% of adults use a password manager to manage their accounts
The global average use of a password manager is 20%, lower than the percentage of users saving logins in browsers (25%) or entering them manually (27%).
|Country||Percentage of adults using password manager|
Password Data Breach Statistics
20. 30% of users are victims of data breaches because of weak passwords
Nearly one-third of users (in the IT field!) fall victim to data breaches because of their weak and easy-to-crack passwords. In addition to that, almost 23% of them weren’t sure or aware whether they got attacked or not.
And using the same password for multiple accounts makes us even more vulnerable to data breaches.
21. Only 33% change their password after a breach
Of the users with accounts of breached websites, only 33% of them changed their passwords. Unfortunately, the research found that the new ones were barely stronger than the old ones. Many were of the same strength or even weaker.
However, according to a study by Google, 45% of Americans change their password following a data breach.
22. 62% of people with high password fatigue had their accounts hacked/breached
Nearly twice as many Americans with high password fatigue had their account hacked or breached. But only 29% of those with a low level of fatigue.
If you have trouble remembering your passwords, it’s wise to write them down or use a password manager.
Source: Beyond Identity
23. 60% of users reuse stolen passwords
According to SpyCloud findings, 60% of users with more than one password stolen or exposed reused this same password on one or multiple accounts.
The percentage of reused passwords with .gov emails is even higher at 87%.
24. Pishing is one of the most common types of password attacks
Out of 36% of breaches that happened in 2020 contained phishing, which makes it one of the most common types of attacks on passwords.
Other Interesting Password Stats and Trends
25. The passwordless authentication market grows each year steadily
Instead of using a password, more and more applications and devices are transitioning to passwordless authentication. In 2022, the market was valued at $15.6 billion, but it’s predicted to jump to over $53 billion in 2030.
26. The biggest data breach affected almost 11 billion user records
The biggest data breach in history experienced CAM4 (an adult cam site), affecting 10.88 billion records, including passwords, names, IP addresses, usernames, toke information and chats, to name a few.
The biggest data breaches of all time
|Data breach||Nr. of affected records|
|Keepnet Labs||5 billion|
27. 8% of WordPress sites get hacked because of weak passwords
It’s said that a whopping 5% of WordPress websites get hacked purely because of webmasters picking too poorly structured websites. But this isn’t the only reason WP sites get hacked – check our in-depth WordPress hacking statistics for more information.
But because WordPress powers more than 40% of ALL websites in the world, you may also be interested in these general WordPress statistics.
28. Trojan-PSW detections increased by nearly 1/4 in 2022
Trojan-PSW (a malware that steals passwords) detection jumped by almost a quarter in 2022 from 2021, going from 3,029,000+ to 4,003,000+.
29. 3 billion credentials/passwords were stolen in 2016
While we couldn’t find the data on how many were stolen last year, we came across the number 3 billion, which is how many credentials and/or passwords were stolen in 2016. That’s 8.2 million per day!
Source: Cybersecurity Ventures
30. 300 billion passwords in use in 2020
The growth of passwords is increasing rapidly, going from around 90 billion in 2018 to 300 billion in 2020. And all this means is that those 300 billion passwords need protection.
Likely, the number is much higher today because we’re downloading more apps and creating more accounts that need (hopefully unique) passwords.
Source: Cybersecurity Ventures
31. Spaniards and Germans benefit from security awareness training on passwords the most
It was found that the majority of people from Spain and Germany benefitted from the security awareness training programs on password best practices in 2021. But only 32% of people in the United Kingdom were trained in password protection’s best practices.
32. Two main concerns about replacing passwords with biometric authentication
Statista reports that the two main reasons for concern when switching from traditional passwords to biometric authentication are 1) privacy concerns related to biometric authentication methods and 2) lack of device availability that supports this type of protection.
33. Companies are switching to passwordless access
The worldwide switch to passwordless access is on the rise. Most companies worldwide will switch to this method in the next twelve to eighteen months, so workers won’t have to worry about remembering passwords anymore.
Moreover, security is the main reason for adopting passwordless access for IT security leaders worldwide. And for non-IT security leaders, it’s uniting different authentication mechanisms.
34. The main challenge for adopting passwordless access is non-supportive technology
The number one challenge IT staff and IT security leaders face when adopting passwordless authentication is that legacy systems and applications don’t support the new technology.
Moreover, many non-IT security leaders aren’t interested in switching because they are happy with their current password authentication process.
Although it’s thought that we figured out the password game, it’s far from the truth.
The most commonly used passwords by people worldwide are still too weak (and obvious) and easy to crack, causing ongoing challenges in web security.
People can use various steps to protect themselves, like using strong passwords and storing them in password managers. And even if you’ve been using the same password(s) for many years, simply changing them with an improved one is an excellent practice.
Although technology is evolving and cybersecurity is improving, so are hackers. Thus, it’s up to all of us to do our part in creating a safer digital world – with STRONG passwords.
Do you have a unique password for all your accounts/profiles?