33 Password Statistics You Need to Know for Your Cyber Safety

Have you created a weak password such as “12345678” or “123456” to protect your personal account on any website or application? If your answer is yes, it is very likely that one day, at some point, one of these easy password alternatives has been compromised.

With the undeniable effect of the widespread use of IoT applications, a significant increase is observed in password violation cases in recent days. As a matter of fact, your refrigerator or washing machine's date exchange rate far beyond than you think makes it inevitable to encounter sensitive data breaches if you use passwords like"mysweetheart".

This situation, of course, does not only apply to individual users. Organizations, which are important actors in the business world, may have to cope with serious data losses and negative financial statements if they do not attach enough importance to password security protocols. In this article, we'll explore 33 striking statistics compiled from different areas on why it's important to use a strong password.

Statistics on Password Breach Cases 

Password statistics related to violation cases and the widespread use of these statistics in extremely wide areas clearly reveal the gravity of the situation. For instance, current cyber-attack statistics show that 1.67% of Android malware is password trojan. Other striking statistics below prove how important password security is.

1. Hackers have posted more than 555 million stolen passwords on the dark web since 2017. (Cnet, 2020). In 27 of these cases, the passwords of others were tried to be guessed, and in 17 of them, the correct results were reached.
2. 80% of cyber security violation cases result from stolen and reused login information. (Verizon, 2020)
3. The source of 81% of data violations in organizations are weak passwords. (TraceSecurity)
4. Script attacks that try to guess usernames and passwords occur globally in every 39 seconds. (WebsiteBuilder.org, 2021)

Data on violations are like this in general. Well, if you're wondering how the situation is in the business world, the next set of statistics will satisfy your curiosity.

Business World Password Statistics

1. Source of remarkable findings in the password statistics of the business world is generally remote working methods and business models that have changed with digital transformation.
2. 49% of IT security professionals and 51% of individual users share their passwords with colleagues to access their business accounts. (Yubico and Ponemon Institute)
3. 57% of participants admitted that they wrote work-related online passwords on sticky notes, and 67% of these respondents said they lost those notes. (Keeper Security)
4. 51% of the participants stated that they used their personal mobile devices to access work-related items, and 56% of this group mentioned they did not use 2FA method. (Yubico and Ponemon Institute)
5. 44% of participants admit that professional accounts share their usernames and passwords while working remotely. (LastPass)
6. Only 35% of the employers who participated in the survey stated that they enabled their employees to update their passwords more regularly while working remotely. (LastPass)
7. 59% of IT security professionals stated that organizations rely on human memory for password management. (Yubico and Ponemon Institute)

After discussing the highlights of the business world's password statistics, let's examine the statistics on password security in detail in general framework.

Password Security Statistics

Let's take a look at the data obtained from different studies to discuss the statistics on password security in detail in general framework.

1. 76% of young generation do not pay attention to password security. (Digital Guardian)
2. 76% of people between the ages of 18-24 are quite likely to reuse a password they set before. While this rate is 62% in 65+ people, the age range with the highest rate is 18-24. (Digital Guardian)
3. 43% of United States citizen internet users share their passwords with others. (Google)
4. According to surveys, nine out of ten people are concerned that their passwords may be stolen or attacked. Still, it is emphasized that 90% of the passwords they use are open to cyber attacks. (Avast)
5. Following the Gmail data leak in 2014, 5 million violated passwords were reviewed. It has been found that the majority of both men's and women's passwords are eight characters long. (WPEngine)
6. 69% of employees share their passwords with their colleagues. (Betanews)
7. According to Security.org, a study found that 15% of participants used their own names in their passwords. (Security.org)
8. Employees reuse their login credentials 13 times on average. The reuse of login credentials that have been subjected to a series of attacks greatly simplifies the process of obtaining passwords for cyber attackers. (Logmein)
9. Multi-Factor Authentication (MFA) prevents 99% of password security issues by enabling secure password use. (Microsoft)
10. In 2021, 93% respondents to a data security survey stated that passwords in their banking and financial accounts were the most important thing to secure. (Duo Labs)
11. Breaking a 12-character password takes 62 trillion times longer than breaking a 6-character password. (Scientific American)
12. 67% of organizations use password management policies, but only 34% of them say that they strictly enforce them. (Yubico and Ponemon Institute)
13. 10 most frequently used passwords in the world are as follows:
    • 123456
    • 123456789
    • Qwerty
    • Password
    • 12345
    • Qwerty123
    • 1q2w3e
    • 12345678
    • 111111
    • 1234567890

After looking at the password security statistics from a general point of view, we will examine the violations on a sectoral basis and expand our perspective more.

Password Security Statistics by Sectors

Many industries fall short of establishing the right password security policies. Below you can find some interesting statistics that stand out from different sectors.

1. "Passsword" and "Vacation" are among the most popular passwords in all sectors. I don't think we need to tell you how disastrous this choice is. (NordPass)
2. Technology and software sectors (37%) are more likely to adopt multi-factor authentication than law and insurance sectors (20%). (LastPass)
3. 59% of financial service companies have more than 500 passwords that do not expire. (Varonis)
4. Small businesses with fewer than 25 employees had an average of 85 passwords per employee. (LastPass)
5. About one-third of hospitals and healthcare systems plan to implement 29% biometrics by 2023. (HIMSS)
6. In all sectors, it took an average of 280 days to detect and contain a data violation. (IBM)
7. Employees in the media/advertising industry have the highest average password per employee, with an average of 97 passwords per employee. (LastPass)
8. Employees working in the media/advertising sectors tend to reuse passwords at almost twice the rate of other sectors. (LastPass)
9. Employees in the government sector have the least average password per employee, with an average of 54 passwords per employee. (LastPass)

6 Tips to Improve Your Password Security

You can secure your personal passwords and your organization's IT infrastructure by reviewing the 6 tips that will help you improve your password security.

1. Calculate the password entropy: Password entropy allows you to determine whether a password can be easily broken. For a strong entropy, you must create a password of at least 8 characters, with upper/lower case letters, and special characters.
2. Use random passwords for each account: Usedifferent passwords for all your accounts. Make sure that not only some but all passwords are different.
3. Review regulatory and standard requirements: If you have an IT infrastructure that is compatible with SOC 2-like security frameworks, use a password manager to meet cyber security requirements.
4. Choose 2FA or multi-factor authentication: In an IT network using these systems, a user must authenticate two or more factors to log in. In these systems, biometric data and short-term codes sent to mobile devices are used.
5. Use a password administrator: By using password manager systems, you can securely store all your passwords in different accounts.
6. Prevent password sharing: You can preventpassword sharing between your employees by using the password vault feature. By using a password manager with password vault feature, you can also protect the passwords of users with privileged access in isolation from the network.

Password Vault and MFA Solutions Improve Password Security

You can take advantage of Multi-Factor Authentication (MFA) and Password Vault features, which are an important part of Privileged Access Management (PAM) solutions to ensure password security. Playing a key role in helping the PAM ecosystem make your IT infrastructure more secure against cyber attacks, MFA provides a high-level layer of security with strong password, geolocation and OTP features. On the other hand, Password Vault offers another cyber security capability that allows you to apply one or two-level administrator approval processes for password access with the management approval feature without showing the passwords. In this way, you can eliminate both password sharing and the internal & external threats.

If you want to make passwords more secure for your users and/or IoT devices accessing critical data areas, you can provide advanced protection against cyber attacks by using Multi-Factor Authentication (MFA) and Password Vault products. You can contact us for all your questions about our Multi-Factor Authentication and Password Vault solutions.