139 password statistics to help you stay safe in 2024

From private conversations to retirement savings, so much of your personal life lies behind passwords.

Because of this, hackers may direct their efforts toward stealing your passwords to gain access to your files, money, or even your identity. Fortunately, prioritizing your password security can help reduce these risks.

Now that you know about the importance of strong password security, you can use these password statistics and tips to inform how you should create a strong password.

Top password statistics to know

Let’s face it. If you use any internet-connected devices or accounts, you’ve had to create a password. And because passwords are so common, it can be easy to let them fall by the wayside as you aim to stay safe online.

Before diving into the nitty gritty of password security statistics, here are the top statistics to know:

1. In 2022, over 24 billion passwords were exposed by hackers. (Digital Shadows, 2022)
2. More than 80% of confirmed breaches are related to stolen, weak, or reused passwords. (LastPass, 2021)
3. Nearly 60% of individuals make their passwords stronger as a result of noticing unauthorized access to their accounts or devices. (Norton, 2021)
4. 91% of people understand that reusing passwords is a security risk. (LastPass, 2021)
5. On average, it takes 14 seconds to type out a password. (LastPass, 2021)
6. Only half of internet users are somewhat familiar with best practices of password security. (Bitwarden, 2022)
7. Internet users who don’t use password managers are three times more likely to be affected by identity theft. (Security.org, 2023)

Weak password statistics 

When it comes to creating a hack-proof password, strength is key. You should also create unique passwords for each of your accounts and devices. To help you better understand the dangers of using a weak password, read through these weak password facts and statistics.

1. More than 6 in 10 people admit to reusing passwords. (LastPass, 2022)
2. The most common password is “123456.” (Reader’s Digest, 2023)
3. 27.5% of individuals state their oldest password is three to five years old. (Beyond Identity, 2021)
4. 18% of individuals use their pet’s name in their passwords. (Security.org, 2023)
5. Only 12% of people always use unique passwords. (LastPass, 2022)
6. 96% of the most common passwords can be cracked by hacking tools in less than one second. (Digital Shadows, 2022)
7. More than 1 in 4 individuals are unsure of when they changed their email password last. (PC Matic, 2022)
8. 64% of passwords only contain eight to 11 characters. (Security.org, 2023)
9. Only 10% of consumers report using a password to log in to their social media accounts in the past 60 days. (FIDO Alliance, 2022)
10. 21% of individuals admit including their birth year in their password. (Security.org, 2023)
11. Almost three-fourths of those who’ve tried to guess someone's password have been correct. (Beyond Identity, 2021)
12. 69% of the time, Gen Z uses a variation of a single password. (LastPass, 2022)
13. Less than half of Americans strongly believe that their passwords are safe. (Security.org, 2023)
14. 1 in 10 individuals believe that someone could correctly guess their passwords just by looking at their social media accounts. (Beyond Identity, 2021)
15. Nearly 40% of people admit sharing their personal passwords with others. (Security.org, 2023)
16. 89% of people realize that using the same password is a security risk, but only 12% of them switch passwords between accounts. (LastPass, 2022)
17. Adding a single special character to a common 10-character password can increase the time it takes for hackers to crack your password by 1.5 hours. (Digital Shadows, 2022)
18. 13% of people use the exact same password for all of their accounts. (Google, 2019)
19. Nearly 40% of individuals haven’t changed their Wi-Fi password since the day they set it up. (PC Matic, 2022)
20. More than one-third of individuals admit they’d be embarrassed if they had to read their password aloud. (Beyond Identity, 2021)
21. 12% of people include their partner’s name in their passwords. (Security.org, 2023)
22. 13% of people admit that they put the same level of effort into creating passwords, no matter what type of account it is for. (LastPass, 2022)
23. 61% of those affected by password hacking had passwords that were shorter than eight characters. (Security.org, 2023)
24. Less than 50% of individuals believe that the password to their music streaming account is secure. (Beyond Identity, 2021)
25. Only 11% of consumers report using a password to log in to their streaming accounts in the past 60 days. (FIDO Alliance, 2022)
26. 10% of people have used the same password since middle or high school. (Beyond Identity, 2021)
27. 50% of IT leaders believe that passwords are too weak a security measure. (Ping Identity, 2022)
28. 2.2% of people report using a password that is over 21 years old. (Beyond Identity, 2021)
29. Nearly one-fourth of individuals say they’d share their password with a roommate. (Beyond Identity, 2021)

Password breach statistics

Because so much important information is locked behind passwords, hackers may utilize cyberattacks like smishing or website spoofing to try and steal your password. Or your passwords could end up exposed in a data breach that could leave your account vulnerable to attacks.

To get a clear picture of how common these breaches are, pore over these password hacking statistics:

1. Nearly 1 in 4 individuals were affected by a data breach in the last 18 months. (Bitwarden, 2022)
2. 65% more passwords were compromised in 2022 than 2020. (Digital Shadows, 2022)
3. 38% of Americans report having at least one of their passwords cracked or guessed. (Security.org, 2023)
4. 12% of individuals know someone who has been affected by password breaches. (Ponemon Institute, 2020)
5. 63% of social engineering attacks involve compromised credentials such as passwords. (Verizon, 2022)
6. More than one-third of individuals admitted to trying to guess someone's password. (Beyond Identity, 2021)
7. 1 in 10 adults have used the knowledge of their romantic partner’s password to access their online accounts, such as social media profiles. (Norton, 2022)
8. 26% of individuals state they’ve never had any of their passwords knowingly breached. (Beyond Identity, 2021)
9. 37% of IT security professionals are highly alarmed about the potential risks to the privacy and security of their private information. (Ponemon Institute, 2020)
10. On average, brute-force password cracking tools cost hackers $4 on criminal marketplaces. (Digital Shadows, 2020)
11. Almost 60% of IT security professionals state that their customers’ accounts have been targeted by account takeovers. (Ponemon Institute, 2020)
12. In social engineering breaches, use of stolen credentials is the most common action by hackers. (Verizon, 2022)
13. Of the 24 billion credentials compromised in 2022, only 6.7 billion of them were unique pairings of usernames and passwords. (Digital Shadows, 2022)
14. Over 80% of basic web application attacks are a result of stolen passwords. (Verizon, 2022)
15. Login credentials for banking and other financial accounts sell for an average price of $70.91 on cybercriminal marketplaces. (Digital Shadows, 2020)
16. 23% of individuals have had their personal email accounts compromised. (Beyond Identity, 2021)
17. Over half of those affected by an account takeover start changing their passwords more frequently. (Ponemon Institute, 2020)
18. Nearly 18% of individuals have had their online banking accounts compromised. (Beyond Identity, 2021)
19. 35% of individuals affected by an account takeover begin using two-factor authentication (2FA) and multi-factor authentication (MFA) when possible. (Ponemon Institute, 2020)
20. More than a quarter of individuals report having had their password knowingly breached three to four times. (Beyond Identity, 2021)
21. 32% of individuals have been affected by identity theft. (Ponemon Institute, 2020)
22. 34% of those affected by a data breach were informed by their password manager. (Bitwarden, 2022)
23. 35% of survey respondents have been affected in an account takeover. (Ponemon Institute, 2020)
24. 8 in 10 mail server attacks are a result of stolen passwords. (Verizon, 2022)
25. Of those who’ve tried to guess someone else’s password, 18.4% said they looked through their social media profiles beforehand to find helpful information. (Beyond Identity, 2021)
26. The average cost of login credentials for a single account on criminal marketplaces is $15.43. (Digital Shadows, 2020)
27. Over half of individuals who’ve tried to guess someone else's password have admitted to trying to guess the password of their significant other. (Beyond Identity, 2021)
28. Over 40% of breaches involved the use of stolen credentials such as passwords. (Verizon, 2022)
29. Almost 1 in 4 of individuals who’ve tried to guess someone else's password have admitted to trying to guess the password of their child. (Beyond Identity, 2021)
30. The average price of a login credential related to local government is $3,217. (Digital Shadows, 2020)
31. Nearly 70% of basic web application attacks involve the breach of user credentials including passwords. (Verizon, 2022)
32. Of those who’ve tried to guess someone else’s password, 15.6% said they looked through the person’s personal files for helpful information. (Beyond Identity, 2021)

Personal password use statistics 

Like most things, password use and opinions about it can differ from person to person. To get a better understanding of people’s personal password use, from their bank accounts to social media, check out these personal password statistics:

1. On average, individuals reuse passwords on 10 of their personal accounts. (Ponemon Institute, 2020)
2. Nearly 7 in 10 password users are using MFA. (SANS, 2021)
3. More than half of people state that they want to create a stronger password for their email accounts. (LastPass, 2022)
4. 44% of individuals are most concerned about protecting their login credentials. (Ponemon Institute, 2020)
5. The average person spends nearly four minutes resetting their password whenever they forget it. (ExpressVPN, 2022)
6. 27% of individuals use random password generators to help come up with a new password. (Security.org, 2023)
7. One-third of consumers have reported giving up on accessing an online service one to two times as a result of a forgotten password. (FIDO Alliance, 2022)
8. More than half of individuals say they would prefer a security measure that doesn’t involve the use of passwords. (Ponemon Institute, 2020)
9. 37% of individuals report learning the most about secure passwords through their own research. (Beyond Identity, 2021)
10. 69% of people report that they would want to create a stronger password for financial accounts. (LastPass, 2022)
11. 38% of password users believe that using MFA makes their life too difficult. (SANS, 2021)
12. Nearly 70% of individuals think that their online banking account password is secure. (Beyond Identity, 2021)
13. 79% of internet users log in to websites using passwords multiple times a day. (Bitwarden, 2022)
14. Nearly 60% of people believe that their online accounts are more secure than the average person. (Google, 2019)
15. 41% of internet users report managing passwords for 10-25 websites. (Bitwarden, 2022)
16. 89% of individuals report that their Wi-Fi network is password protected. (PC Matic, 2022)
17. Nearly 40% of Americans experience a high level of password fatigue. (Beyond Identity, 2022)
18. 30% of individuals report spending the most time resetting the passwords to their online banking accounts. (ExpressVPN, 2022)
19. 78% of people with high password fatigue report experiencing negative effects on their mental health. (Beyond Identity, 2022)
20. 36% of individuals use 2FA to help secure their online accounts. (Ponemon Institute, 2020)
21. More than 50% of consumers report entering their password as the way they log in to their financial services accounts. (FIDO Alliance, 2022)
22. Nearly 1 in 4 consumers report not following through with one to two purchases as a result of forgotten passwords. (FIDO Alliance, 2022)
23. Nearly half of individuals state that they want to increase the security of their online accounts. (Ponemon Institute, 2020)
24. More than 70% of Americans use the cloud to store their passwords. (Beyond Identity, 2022)
25. 38% of consumers cite entering a password as their primary method for logging into the metaverse. (FIDO Alliance, 2022)
26. 42% of individuals report using curse words in their passwords. (Security.org, 2023)
27. More than 50% of social media users use a unique password for each of their social media accounts. (YouGov, 2022)
28. 61% of individuals don’t reuse personal passwords for their work accounts. (Ponemon Institute, 2020)
29. 1 in 4 internet users save their passwords in their web browser. (Security.org, 2023)
30. Nearly 70% of individuals say they’d share their password with a spouse or partner. (Beyond Identity, 2021)
31. Over half of individuals claim that use of 2FA disrupts their workflow. (Ponemon Institute, 2020)
32. 1 in 4 individuals report learning the most about secure passwords from their employer. (Beyond Identity, 2021)
33.  34% of internet users reset their passwords monthly. (Bitwarden, 2022)
34. 68% of people report prioritizing security over memorability when creating a password. (Bitwarden, 2022)
35. After receiving some type of cybersecurity education, only 31% of people quit reusing the same password. (LastPass, 2022)
36. 37% of individuals use browser extensions to help autofill their passwords. (Ponemon Institute, 2020)
37. People over the age of 50 are more likely to use different passwords for each of their accounts. (Google, 2019)
38. 1 in 4 millennials use password generators to create passwords for their social media accounts. (Beyond Identity, 2021)

Business password statistics

In comparison to your passwords for personal use, you may have different thoughts about your passwords in the workplace. On top of that, you may have to follow stricter cybersecurity protocols, with over 65% of organizations having a set password policy for their employees. To see how cybersecurity and password use differs in the workplace, read through these business password statistics:

1. On average, employees type out login credentials 154 times per month. (LastPass, 2021)
2. Employees reuse passwords an average of 13 times. (LastPass, 2021)
3. 2 in 10 employees state that their employer issues them a password for their work accounts. (PC Matic, 2022)
4. More than three-fourths of employees state having regular usage problems related to passwords. (LastPass, 2021)
5. The average employee uses 191 different logins. (LastPass, 2021)
6. 6 in 10 individuals in the U.S. report that their organization changes its password security practices after experiencing a cyberattack. (Ponemon Institute, 2020)
7. 63% of people believe that workplaces should provide employees with password managers. (Bitwarden, 2022)
8. 65% of IT leaders believe their company will adopt passwordless authentication in the future. (Ping Identity, 2022)
9. Employees at companies with less than 1,000 employees reuse passwords more than larger companies. (LastPass, 2021)
10. Roughly 3 in 10 employees create strong passwords for their work accounts. (LastPass, 2022)
11. 92% of IT leaders believe that hybrid work has made their employees less cautious with their passwords. (Ping Identity, 2022)
12. On average, a 250-person company has nearly 48,000 passwords in use within the organization. (LastPass, 2021)
13. Employees spend 36 minutes a month typing out passwords. (LastPass, 2021)
14. Three-fourths of employees set their passwords themselves at work. (PC Matic, 2022)
15. Employees who work for media or advertising companies tend to reuse passwords more than employees in other industries. (LastPass, 2021)
16. Due to the time spent resetting passwords, the average company loses $480 worth of productivity each year per employee. (Beyond Identity, 2022)
17. 23% of employees use their smartphones to access their stored passwords. (LastPass, 2021)
18. 67% of IT professionals report that their organization requires periodic password changes. (Ponemon Institute, 2020)

Password management statistics 

From password managers to sticky notes, people use a variety of methods to help keep track of their passwords. To help you see how the masses are managing their passwords, check out these password management statistics:

1. 45 million people rely on password managers to keep track of their passwords. (Security.org, 2023)
2. More than three-fourths of individuals changed how they managed their passwords after being affected by an account takeover. (Ponemon Institute, 2020)
3. Nearly two-thirds of internet users keep track of their passwords by memory or with handwritten notes. (Security.org, 2023)
4. 1 in 4 internet users reuse their password manager’s master password for other accounts. (Security.org, 2023)
5. Nearly 35% of password manager users state that their primary use of password managers is to ensure they are using unique passwords across different accounts. (SANS, 2021)
6. 47% of millennials are more likely to memorize their passwords. (LastPass, 2022)
7. Nearly 85% of internet users who use a password manager use it on their phone. (Security.org, 2023)
8. Half of password manager users use it for only their personal accounts. (Security.org, 2023)
9. Almost 1 in 4 people rely on a document on their computer to manage all of their passwords. (Bitwarden, 2022)
10. Nearly 70% of password manager users use free password managers. (Security.org, 2023)
11. 1 in 10 password manager users spend $1-$20 a year on their password manager. (Security.org, 2023)
12. Less than 40% of organizations require the use of a password manager. (Ponemon Institute, 2020)
13. 46% of password manager users use a password manager for both personal and work accounts. (Security.org, 2023)
14. Roughly 3 in 10 password manager users use password management tools to ensure they have easy access to their passwords. (SANS, 2021)
15. 28% of those who don’t use password managers believe they are unsafe. (Security.org, 2023)

11 tips for improving your password security

Now that you understand the importance of strong password security and the many ways hackers try to take advantage of it, you may wonder how you can improve your password security.

To help ensure you’re doing the best you can to increase your Cyber Safety, follow these password security best practices:

1. Avoid using personal information: When creating a password, avoid using personal information like your name, birthday, or pet’s name.
2. Use a unique password for every account: Try to avoid using the same password for everything. That way, if a hacker finds one of your passwords, your other accounts will remain secure.
3. Enable two-factor authentication: Enabling 2FA wherever possible provides an additional layer of security between a hacker and your personal information.
4. Don’t share your passwords: To ensure your passwords never end up in the wrong hands, avoid carelessly sharing them with others.
5. Increase your password length: By increasing the length of your passwords, you can make it harder for hackers to guess them. It’s recommended that you create a password longer than 16 characters.
6. Avoid writing your passwords down: If you keep all your passwords written down on paper, your online security could be jeopardized if it ends up in the wrong hands.
7. Use special characters and numbers: By sprinkling in numbers and special characters, you can create more secure passwords that are harder to crack.
8. Avoid using common words and phrases: Instead of using common words and phrases, use random patterns to help protect your passwords from hacking methods like dictionary attacks.
9. Regularly monitor your accounts: Always keep an eye out for any suspicious activity or login alerts that may be a result of a compromised password.
10. Change your passwords regularly: To maximize your security, it is recommended that you change your passwords every few months to ensure you’re staying ahead of any hackers or potentially unknown data breaches.
11. Start using a password manager: Password managers are a great way to help you safely keep track of all your unique passwords. In some cases, a password manager may also help you ideate strong passwords.

If you’re concerned about your password security and are looking for a secure and simple way to manage your passwords, it’s smart to consider using a password manager like Norton Password Manager, which can help you manage your passwords across devices and pinpoint any weaknesses in your logins.

Password statistics FAQs

If these password statistics have you wondering more about password security, read through these answers to some common password questions.  

How do I know if my password is too common?

You can check and see if your password is too common by running it through a password strength checker. To help keep your password unique, be sure to include a mix of letters, numbers, and special characters. In addition, avoid using personal information and try to make your password over 16 characters long.

How many passwords does the average person have?

According to Dashlane, the average person has 240 accounts that require a password.

How often should you change your passwords?

It is recommended that you change your passwords every few months. If you ever suspect that your accounts have been compromised, change your passwords immediately. 

Can hackers steal my data if my password is cracked?

Yes. If a hacker is able to gain full access to your account using a password, then they will be able to access anything you would usually be able to access using your password. Because of this, it’s important to enable 2FA whenever possible, as it may be able to prevent a hacker from gaining complete access even if they guess your password.