Impressive Password Statistics to Know in 2023

Updated · May 20, 2023

If you've ever used passwords like "123456" or "123455678" to protect your online account, you've probably had a stolen password at some point.

It's a shame to still rely on passwords like "iloveyou" in the age of IoT gadget abundance when your machine and your fridge are exchanging data faster than you can think.

Unfortunately, far too many people rely on bad practices, making it extremely easy for hackers to access data that does not belong to them.

Keep reading this list of staggering password statistics below to learn about other people's mistakes and their consequences.

Staggering Password Statistics to Keep in Mind (Editor’s Pick)

  • 24% of Americans have used passwords like "password," "Qwerty," and "123456".
  • 67% of all Americans use the same password for different online accounts.
  • 90% of internet users are concerned about having their passwords compromised.
  • 53% of people rely on their memories to handle passwords.
  • The password "123456" is now used by more than 23 million people.
  • According to a study of over 15 billion passwords, the typical password length is eight characters or fewer.
  • Compromised credentials are the most common cause of malicious attacks, accounting for 61% of breaches.
  • More than 60% of workers use the same password for their job and personal apps.
  • 59% of Americans use a person’s name or a family member's birthday as a password.
  • Two out of every five people have had their identities hacked, passwords compromised, or sensitive information breached because of duplicate and outdated passwords.

Unbelievable Password Statistics in 2022

These scary stats might be enough to convince you to update your passwords on a regular basis.

But there’s more:

1. 50% of people use the same password for all their logins.

(Source: Lastpass)

A recent study shows that an alarmingly large number of people continue to use the same password for all of their logins. With this risky behavior, it’s only a matter of time before your passwords get stolen.

2. “123456” is the most common password in the world.

(Source: NordPass)

“123456” has been the most commonly used password since the dawn of time. But just because it’s easy to remember doesn’t mean it's safe. It can be cracked within seconds, leaving you no time to react.

3. The average password length is eight characters or less.

(Source: Dataprot)

Eight-character passwords account for almost 30% of the 15 billion passwords analyzed in a study. Six-character passwords amount to just under 20%.

To decrease the chances of your password being compromised, you should use more than eight characters.

4. 51% of people have the same password for their work and personal accounts.

(Source: Dataprot)

According to recent password reuse stats, more than half of internet users do not bother creating different login credentials for their personal and company accounts.

Reusing a password makes sense because it’s easy to remember, but it also makes your accounts vulnerable.

5. Only 31.3% of internet users update their passwords once or twice a year.

(Source: Digital Guardian)

More than 60% of people don’t update their passwords regularly, leaving the door open to attackers.

How often should you change your passwords? If you are concerned about your online safety, you should change your credential frequently—every 60-90 days.

6. Over 80% of data breaches are due to poor password security.

(Source: Idagent)

A data breach can cost companies and individuals millions of dollars, yet the measures employees take to prevent this are minimal.

In fact, the information of 543 work accounts is freely available in something like a hacked passwords database on the dark web.

7. 65% of Americans don’t trust password managers.

(Source: Password Manager)

The fear that a password manager can be hacked is more common in people aged 55+. 37.4% of that age group don’t use this service and 20.1% don't even know what a password manager is.

These percentages are lower in younger generations—12% among 35-54 year-olds and 14.1% for 18-34 year-olds.

Hacking Statistics to keep in mind in 2022

The cybersecurity sector expands at a fast pace. Although more tools are being mobilized to combat cybercrimes, the industry still has a long way to go.

We at HostingTribunal compiled this list of hacking statistics to illustrate the current state of cybersecurity, hacking, and password management:

8. People have an average of 38.4 passwords.

(Source: SC Magazine)

It is estimated that over 300 billion passwords are currently in use, which equates to around 38.4 passwords per internet user.

The number of passwords employees in big companies handle is twice the world’s average. That’s a whole lot of passwords to remember.

9. Every 11 seconds, a business falls victim to ransomware.

(Source: Security Magazine)

The frequency of ransomware attacks is much higher in 2021 than it was in 2016—every 40 seconds.

The non-secure username and passwords we use offer hackers a better chance of success.

10. About 20% of social media accounts will be hacked.

(Source: ZeroFOX)

The threat is bigger for brand and company accounts, but social media hack statistics show that individual profiles are susceptible too.

This can be avoided if people update their passwords frequently, avoid reusing them, and rely on 2FA.

11. 90% of passwords are vulnerable to attack.

(Source: Avast)

Nine out of ten individuals are worried about getting their passwords stolen or being hacked.

46% of people in the study reported being “very concerned” and 44%—“a little concerned” about someone cracking their passwords.

Very few people have peace of mind—8% claimed they were “not overly concerned,” while 2% were “not concerned at all.”

12. Adobe password breaches impacted 153 million people.

(Source: UpGuard)

153 million Adobe accounts were compromised in October 2013. An internal ID, username, email, encrypted login, and password clue were all exposed in plain text as a result of the data breach.

The main reason was the poor encryption, but the password clues exacerbated the problem. They made it possible to guess the credentials of many people.

Password Security Statistics

Despite the fact that cybersecurity risks have evolved, businesses continue to depend on passwords alone as an efficient protection measure.

The password statistics below reveal just how risky this outdated thinking can be.

13. 76% of the young generation don’t pay attention to password security.

(Source: Digital Guardian)

76% of people aged 18 to 24 are likely to reuse a password. Surprisingly, this is the highest percentage of any age group. People above the age of 65 hold second place with 62%.

These security password statistics are shocking because one would expect the younger tech-savvy generation to be more cautious about their online security.

14. 43% of US internet users shared their passwords with others.

(Source: Google)

Nearly half of the respondents in the Google survey admitted to disclosing a password at some point.

Granted, 57% of these people shared it with a significant other. However, just 11% change their login credentials after a divorce.

15. 69% of employees have shared their passwords with colleagues.

(Source: Betanews)

Recent password stats show that 69% of respondents confess to swapping passwords with coworkers.

Strong password protection is the main thing keeping your documents, consumer accounts, and financial records safe. Yet, hacking passwords and data breaches due to careless employee behavior are more common than ever.

For that reason, the companies realizing the importance of security measures try to instill certain habits in their workers.

16. Employees reuse their passwords 13 times on average.

(Source: Logmein)

According to recent password stats, workers reuse their login credentials an average of 13 times.

Reusing passwords poses a significant danger. Anyone with access to one set of hacked or corrupted keys will use them to break into other accounts.

17. Multi-Factor Authentication blocks 99% of all password safety issues.

(Source: Microsoft)

If Multi-Factor Authentication (MFA) is enabled on an account, you have to perform two or more steps to gain access to it. These may include a password, a text or email code, or biometric solutions.

Creating safe passwords and remembering them all can be difficult. This partially explains why so many people use a bad password and reuse it across different accounts.

If this describes you, you are not alone. However, the trends are shifting and you should change your habits too if you want your information to be safe.

Let’s dive right into the latest password trends:

18. The fourth most common password is “password.”

(Source: Cybernews)

Security experts advise using unique passwords, two-factor authentication, and password managers for added security. Still, people continue to rehash insecure passwords that even a novice cybercriminal can crack in a matter of seconds.

Here’s the list of the top ten most commonly used passwords in the world:

  1. 123456
  2. 123456789
  3. Qwerty
  4. Password
  5. 12345
  6. Qwerty123
  7. 1q2w3e
  8. 1234 5678
  9. 111111
  10. 1234567890

19. Alternative methods of authentication are making a breakthrough.

(Source: Weforum)

Although alternate authentication methods are becoming more prevalent, passwords are here to stay. 

Supplementing traditional passwords with newer technologies, such as biometrics and multi-factor authentication, can reduce the frequency of password hacks.

Just because passwords aren't good enough to stand on their own doesn't mean they're useless in terms of protection.

20. Some researchers believe that all passwords can be eliminated over the next five years.

(Source: Naratek)

The passwordless revolution is the product of a technological tipping point. Consumers have been primed for biometric authentication thanks to systems like Apple's Touch and Face ID.

But passwordless implementations go even beyond that. Sure, a person may use face, touch, or voice recognition, but applications could soon be based on spatial identifiers.

Behavior-based authentication analyzes the users’ habits and recognizes patterns, completely eliminating the need to use passwords for logins.

21. Multi-factor authentication is becoming the new standard.

(Source: Techbeacon)

Many people consider multi-factor authentication (MFA) to be the gold standard. Given this, organizations will increasingly turn to application-based MFA, such as Google Authenticator.

In fact, 2022 might be the year when MFA will become the norm.

Protecting Your Data by Following These Basic Password Habits

Your passwords can be hacked through a variety of methods, including brute force attacks, credential stuffing, and hash cracking.

Do you want to stop being a part of the unfavorable numbers and trends? Use these guidelines to create secure passwords and keep them intact.

  • Make solid passwords out of a random mixture of characters, symbols, or long paraphrases.
  • Change your password at least once every three months.
  •  Never use the same password twice or re-enter an older one. Come up with a new one for each service.
  • Take note of where you type your password. To guarantee that the traffic is encrypted, always look for the SSL certificate on the website's URL.
  • Enable two-factor authentication. Although this is not a tip for creating the perfect password, it will provide a new layer of protection to your accounts. If anyone hacks your password, they will be asked to authenticate the username via SMS or email, so you’ll know immediately.
  •  Never write down your passwords, particularly those for banking and social media. If you have difficulty remembering them, use a password manager like Lastpass, NordPass, Keeper Security, and others.

For more tips, read our comprehensive guide on how to protect your online identity.

Wrap Up

But what is the most important lesson from these fascinating password stats?

Some findings are encouraging, showing that people are becoming more aware of the importance of solid, safe passwords. But far too many users continue to rely on old and weak login credentials, putting their protection at risk.

Instead of trying to come up with easy or fun passwords, use something that is difficult to guess, complicated, and safe.

When it comes to accounts that have little to no confidential information, it may seem like a minor problem. But the password statistics above clearly show the danger you’re exposing yourself to.

If you use the same password for several accounts, cracking one of those less-important accounts unlocks the door to your digital life. If you haven’t developed strong password habits, take the first step now.

Branko Krstic
Branko Krstic

Branko is a round-the-clock tech geek and loving it. His ideal vacation destination is the Akihabara District (or really any place he can take his computer). If there’s a server out there, count on him to find out what it’s made of… and tell you all about it.