Hello friend! Do you reuse the same password across multiple accounts? Do you include your pet‘s name or other personal info in your passwords? If so, you may be unwittingly putting your security at risk.
Our latest password statistics study uncovered some alarming insights:
- 84% of people use unsafe password practices
- More than half have just 5 or fewer passwords total
- 45% continue using 10-year old passwords
- 50% who share passwords reuse them elsewhere too
In this comprehensive guide, we’ll break down widespread password security mistakes. And we’ll provide actionable advice to help strengthen your login credentials.
Let‘s first look at the research insights. Then we‘ll cover specific tips to fix poor password hygiene.
Key Research Findings on Password Security
We surveyed 1,000 adults in the US about their password habits and behaviors. The results reveal many unsafe practices leaving people vulnerable.
52% of People Rely on 5 or Fewer Passwords
Given the multitude of accounts the average person has, limiting yourself to just a handful of passwords almost guarantees reuse across logins.
Yet our research found that more than half of people rely on 5 or fewer unique passwords total.
Think about it this way – between personal and work emails, social media, streaming services, utilities, memberships, and more, most of us have dozens or hundreds of accounts.
With only a few passwords to go around, there‘s no way to have a unique password for each without reusing credentials repeatedly.
To confirm this, we found that 1 in 8 people actually do have over 25 completely unique passwords. So it is possible to have separate, strong logins – it just takes more work.
84% Use Personal Information in Passwords
Another pervasive dangerous practice is including personal information in your passwords.
Our survey showed a full 84% of people admit to using an unsafe personal detail like:
- Pet names
- Significant other‘s birthday
- Their own birthday
- Favorite sports team
It‘s easy to see why people do this – incorporating personal info can help you remember passwords.
But it also makes your credentials incredibly easy to crack with just basic personal knowledge or simple social engineering.
Avoid any personal dates, addresses, names, locations, or other specific details in passwords.
Reusing Breached Passwords Remains Common
Large scale security breaches have exposed billions of passwords to hackers over the years. Yet many people continue using those same compromised passwords.
Our research suggests:
37% of People Have Had Passwords Leaked
Over one third of respondents admit having at least one password exposed in a data breach.
Major breaches like LinkedIn, MyFitnessPal, Facebook, and more have put billions of passwords into circulation online.
With so many breaches, there‘s a good chance some variation of your passwords are available to cybercriminals.
1 in 7 Still Use Exposed Passwords
Given the frequency of leaks, best practice is to immediately stop using any password that‘s been compromised as part of a breach.
However, our research disturbingly found 14% of people continue using passwords even after they‘ve been leaked online.
This represents extremely high risk behavior. If you reuse exposed credentials elsewhere, hackers can access your other accounts.
Always immediately change any password that you know has been compromised. And never reuse it on any accounts.
How People Store and Manage Passwords
With the growing number of accounts and logins, how do people actually keep track of all their passwords?
Our research found 3 primary methods in use:
40% Try to Remember Passwords
The most common approach is simply trying to memorize your passwords. But realistically, most people can only remember so many complex passwords.
Relying solely on memory leads many to default back to reusing simplistic or common credentials.
37% Write Down Passwords
Nearly as many respondents admit to writing down passwords. This could be in a notebook, on sticky notes, or in an unsecured digital document.
While writing down passwords helps you remember them, it leaves your accounts vulnerable if anyone gains access to your written passwords.
31% Use a Password Manager
About 1 in 3 people rely on a dedicated password manager app like LastPass. These tools securely store passwords in encrypted vaults and autofill them when needed.
Password managers represent one of the most secure ways to generate, store and track multiple complex unique passwords.
Additional Steps to Protect Passwords
Beyond just password creation and storage, there are other important steps people can take to enhance login security:
- Using two-factor authentication (2FA)
- Changing passwords proactively
- Connecting to VPNs on public Wi-Fi
But how many people actually follow these practices?
66% Enable 2FA When Offered
The most common safety precaution people reported is taking advantage of two-factor authentication when available.
2FA introduces an extra layer of identity confirmation beyond just a password. This could involve getting a one-time passcode sent to your smartphone when logging in.
Just 32% Change Passwords Proactively
However, only about 1 in 3 users said they proactively change passwords before expiration. Regular updates can limit the damage if a password does get leaked.
Many people only change passwords when forced to by a site or app.
20% Connect Via VPN on Public Wi-Fi
Just 1 in 5 respondents reported connecting to a Virtual Private Network (VPN) when accessing public Wi-Fi.
Without encryption, your information and passwords are exposed on public hotspots.
15% Do Nothing Beyond Creating Passwords
Worryingly, 15% of people admit to taking zero additional steps to safeguard passwords beyond simply creating a (likely weak) password.
This represents highly reckless behavior in today‘s threat landscape.
Password Sharing Remains Very Common
While always risky, sharing login credentials with others is relatively widespread. For example:
Overall, 57% of people admit to sharing passwords for at least one account. Most common are streaming services like Netflix, Hulu, Disney+ and more.
Giving someone your password creates multiple risks. For example, if they expose it through reuse elsewhere or you later can‘t access your own accounts.
What‘s hugely concerning is that 50% of people who share passwords are actually using the same credentials they have given out to others on additional accounts too.
So your Netflix password could also grant someone access to your personal email, bank account, or other sensitive logins if they try reusing it.
Never share passwords that are used on any other accounts. And if you do opt to share credentials, immediately change them afterward.
Expert Insights on Password Safety
To dig deeper into recommended best practices, we consulted leading cybersecurity experts:
- Dr. Sepideh Ghanavati – Assistant Professor of Computer Science at the University of Maine
- Dr. Sachin Shetty – Associate Director and Professor at Old Dominion University
- Dr. David Bader – Distinguished Professor and Director at New Jersey Institute of Technology
- Dr. Daniel Ostergaard – Clinical Professor at the University of South Carolina
Here are key tips from our panel on improving password hygiene:
How Often You Should Change Passwords
Our experts recommend changing passwords:
- Every 90 days or 365 days
- Whenever you learn about a relevant breach
- Upon ending any relationships (personal or work)
Frequent rotation leads to password fatigue. But occasional updates help limit damage from potential leaks.
Avoid Compromised or Leaked Passwords
To keep credentials secure, our experts emphasize:
- Never reuse passwords across different accounts
- Introduce randomness – avoid patterns, dates, names, words
- Enable two-factor authentication (2FA) for an added layer of login protection
- Use a password manager to generate and store strong unique passwords
- Immediately change exposed passwords that are part of known breaches
Are Password Managers Risky to Use?
Our panel agreed dedicated password managers are generally secure for most people when used properly.
The risks are relatively low if you:
- Use a password manager from a trusted mainstream provider
- Protect your master password manager login with a very strong password
The benefits of auto-generated secure passwords outweigh the minimal risks – especially compared to reusing simple credentials across accounts.
10 Important Tips to Strengthen Your Password Security
Based on these expert recommendations and our latest research, here are 10 tips to immediately improve your password hygiene:
- Use a password manager – Let a trusted tool like LastPass or 1Password generate and store unique complex passwords for you across all accounts.
- Enable two-factor authentication (2FA) – Add an extra layer of identity confirmation when logging into sensitive accounts via codes sent to your phone.
- Never reuse passwords – Have a completely unique password for every single account to limit damage from potential leaks.
- Introduce randomness – Use password generators to create passwords with random combinations of upper and lower case letters, numbers, and symbols.
- Avoid personal info – Never include names, dates, locations, or any personal details in passwords.
- Connect via VPN on public Wi-Fi – Always encrypt your connection on unsecured public networks to protect passwords and data.
- Change exposed passwords immediately – If any password appears in a known breach, change it right away on all your accounts and never reuse it again.
- Be extra vigilant with financial accounts – Use extremely strong unique passwords for banking, investment, and shopping accounts. Enable 2FA everywhere possible.
- Consider biometric logins when available – Fingerprint or facial recognition logins on phones provide an added layer of convenience and account protection.
- Change passwords periodically – Update your passwords every 90 days or 365 days as a precaution, even without evidence of a breach.
Taking these steps requires more work upfront. But doing so provides immense protection against devastating password mismanagement.
Potential Dangers of Reused and Weak Passwords
Hopefully this data gives you a better grasp of problematic password habits that put people at risk. Failing to improve your password hygiene makes you highly vulnerable to:
- Hackers accessing your accounts – Weak reused passwords allow cybercriminals into your accounts if credentials are leaked. They can then steal your identity, make unauthorized purchases, or access personal data.
- Losing control of your subscriptions – If you reuse your Netflix password, password sharing could allow someone to lock you out of your own paid accounts.
- Major financial fraud or theft – Reused passwords on banking and money accounts make you extremely susceptible to drained accounts.
- Embarrassing personal details exposed – You don‘t want sensitive information on dating profiles or social media falling into the wrong hands.
Take a few minutes today to implement more secure passwords and account protections. Doing so helps shield you, your data, and your digital life from catastrophic password mismanagement.
Stay safe online my friend! Let me know if you have any other password security questions.