These days, most of us have a number of online accounts. Whether they’re for work, banking, shopping, or entertainment, they all require a password.
Coming up with new passwords and keeping track of them all can be challenging. As a result, many people use the same or similar credentials across their accounts, compromising their security.
How common is this problem? Let’s look into some recent password reuse statistics to find out!
Shocking password reuse statistics
Here’s an abstract that might make your jaw drop:
- 52% of people online use one password for multiple accounts.
- 13% of people have just one password.
- Only 8% of people online have never reused a password.
- Two-thirds of people make similar passwords to the ones they already have.
- Poor and reused passwords lead to 80% of breaches.
- 78% of Gen-Z say they use one password for more than one account.
- 75% of people find managing passwords frustrating.
General password reuse stats and facts
First, let’s look at some of the most interesting stats on password reuse.
1. 52% of people use the same password for multiple (but not all) accounts.
(Source: Google/Harris Poll)
According to a recent survey by Google in partnership with Harris Poll, over half of people stick to one password for multiple accounts.
Password reuse increases account vulnerability. Essentially, the exposure of one account’s login info puts others at risk.
2. 13% of people reuse one password for all their accounts.
(Source: Google/Harris Poll)
The same Google and Harris Poll study showed that 13% of people use only one password for all their accounts. This increases the risk of a breach even more. Hackers gaining access to one of your accounts would mean having all of them compromised.
3. 49.3% of users only reuse passwords for non-critical accounts.
(Source: Digital Guardian)
While never recommended, password reuse isn’t so risky on non-critical websites. Almost half of the 2020 Digital Guardian study participants said they use it for such sites.
Remember, though, e-commerce websites may not be critical, but such accounts store sensitive personal data. You would prefer it well-protected, wouldn’t you?
4. Only 8% of internet users say they’ve never reused their passwords.
A study from 2021 showed that only 8% of people online have never reused their password. It also suggested that 15% of people have used the same password for over 15 websites. Additionally, over a third of the survey respondents stated that they have a single password for 5 to 10 different websites.
5. An average person reuses each password 14 times.
(Source: Government Technology State & Local Articles)
Recent statistics on password reuse show an average person recycles their password 14 times. So, if someone could learn the password to one of their accounts, they would also have access to the other 13.
6. Two-thirds of people make similar passwords to their existing ones.
(Source: Finances Online)
Same passwords aren’t the only problem when it comes to security. Password reuse stats suggest that two-thirds of people come up with combinations similar to those they already use.
Password reuse breach risk awareness
By not having proper security suites and using one weak password, you can easily put yourself at risk of malware stealing your password. How common is this issue, and are people aware of it?
7. Poor and reused passwords account for 80% of breaches.
Many internet users believe poor password security and bad habits like password reuse are harmless. But the fact that poor and reused passwords are behind 80% of all breaches suggests otherwise.
Even more disturbing is the fact that 15 billion logins are circulating the dark web. Could your password be there?
8. 44 million compromised Microsoft accounts had reused passwords.
(Source: Infosecurity Magazine)
In a study that spanned three months, Microsoft’s threat research team checked over 3 billion credentials that hackers had stolen. The released password reuse data shows that 44 million users have used the same password on multiple accounts.
Microsoft further suggested that using Multi-Factor Authentication (MFA) can mitigate 99.9% of identity attacks.
9. Over 70% of users who had their password leaked have employed it in the next twelve months.
(Source: Panda Security)
Data suggests that internet users aren’t too afraid of password leaks. Over 70% of users with leaked passwords have employed the same ones in the next twelve months. Furthermore, 40% of them do it in the next three years after the leak. This increases the chance of suffering a password reuse breach significantly.
10. 92% of internet users understand the risks of reusing their passwords.
If you thought that people simply didn’t understand the link between password reuse and hacker attack, you were wrong. In fact, 92% of participants in a 2021 study said they were aware of the risk. Yet, the majority of them continue the practice. Isn’t that counterproductive? There must be a reason…
11. 68% of people who reuse their passwords are afraid of forgetting them.
There are various reasons why people choose to stick to one password for all of their accounts. According to password reuse facts, the most common one is the fear of forgetting them. Next follow those who want to be in control of all their passwords – 52%. And 36% of people don’t consider their accounts valuable enough to be targeted by hackers.
And here’s something curious. Have you heard of password anxiety and fatigue? Well, apparently, this is a real issue. So big that 15% of people say they would rather do a household chore than change their passwords.
Who reuses their passwords the most?
Some people have poor cyber security hygiene, while others always look for the best way to manage their passwords. The numbers may give you a better idea of it:
12. 78% of Gen-Z surveyed said they use one password for multiple accounts.
A whopping 78% of users belonging to Gen-Z admitted to using the same password for multiple accounts.
On the bright side, they’re more likely to use a two-step verification process, with 76% of them saying they do it.
13. People over the age of 50 are more likely to use different passwords for their online accounts.
(Source: Google / Harris Poll)
Password reuse data shows that older people are savvier regarding password management. Those over the age of 50 are more likely to have different passwords for their accounts and view installing cyber security software updates as an important action.
However, the numbers also suggest they’re less likely to use password management software and rely on remembering, writing down, or storing combinations in their computer.
14. 36% of UK and Japanese users reuse one password across 5 to 10 websites.
In the UK, 36% of users reuse their passwords on between 5 and 10 websites. The same percentage has been recorded in Japan.
15. 33% of users in Spain and Germany rotate the use of 5 to 10 passwords.
Internet users in Spain and Germany are more careful when it comes to avoiding a password reuse attack, with 33% of them rotating between 5 and 10 combinations.
16. 85% of passwords for online shopping have been reused or slightly adjusted.
(Source: Panda Security)
Online shopping is one of the activities people reuse their passwords for the most – 85% of all passwords on online shopping websites have been reused or slightly adjusted. This falls to 62% for email.
Business password reuse stats
Cyber security is an important topic for businesses across all industries. But are professionals less likely to reuse their passwords?
17. 51% of people use the same password for their work and personal accounts.
(Source: First Contact)
With 51% of users opting for the same passwords for their work and personal accounts, they might be putting the entire business at risk of a breach.
18. 49% of employees only add a digit or character when asked to update their company password.
(Source: Help Net Security)
Even when required to change their company password, almost half of employees simply add a number or digit to it. Similar passwords present almost just as much of a problem as reused ones.
19. IT professionals are more likely to reuse their passwords.
One of the more shocking revelations is that IT professionals are more likely to reuse their passwords. Password reuse statistics for 2022 suggest 50% of them do it.
Despite being aware of the risks, the same percentage of them also admit to password sharing.
20. Employees in the media and advertising industry are almost twice as likely to reuse passwords as those in other fields.
A study conducted by LastPass showed that employees working for media and advertising organizations are struggling with password reuse. They do it at almost twice the rate of people in other industries.
Chances are this is related to the number of accounts they have. The same study also confirmed they have the most passwords on average, with 97 per employee.
21. Canada has 15 reused passwords per business.
(Source: Last Pass)
Statistics on password reuse have shown that geography doesn’t matter as for businesses. However, companies in Canada have the poorest password hygiene, with 15 reused combinations per business.
France, Belgium, Netherlands, Australia, and New Zealand are next, with 14.
General password statistics
Why do some people find managing multiple passwords difficult? Looking at some of the general password statistics may help you find the answer:
22. 75% of people are frustrated by having to keep track of their passwords.
The fact that three-quarters of internet users feel frustrated by having to manage their password may also point to why so many people choose to reuse the same password.
23. 35% of users choose convenience over security when creating a new password.
Even when they’re aware of potential problems, 35% of users still prefer convenience over security when choosing a new password. That’s one of the things leading to password reuse vulnerability.
24. 34% of users reset a password roughly once a month.
Recent data shows that people often forget their passwords, with 34% of users having to reset a password roughly once a month. This is another proof that forgetfulness is one of the main reasons for password reuse.
Password reuse is one of the biggest risks internet users face. Even if it may not look dangerous, this practice can lead to serious data breaches.
The most recent numbers are disturbing. We’ll see what the password reuse statistics for 2023 bring. Let’s hope more people realize that using the same password for multiple accounts is like using a key that fits all locks. Losing it would mean your home, car, office, and safe can all be broken into. Doesn’t that defeat the keys’ purpose?
Frequently asked questions
How many times does an average person reuse each password?
An average person reuses one password 14 times.
Is it OK to reuse a strong password?
Reusing a password is never a good idea, and it’s best to have a different one for each of your accounts. However, if you plan on doing so, opting for a strong password with numbers and symbols is recommended.
How many people recycle passwords?
A study by Google and Harris Poll showed that 52% of people reuse their passwords on multiple, but not all, accounts. Only 13% of users have one password for all websites they visit.
What is the number one reason not to reuse multiple passwords?
The number one reason you shouldn’t reuse your passwords is that it can lead to a breach. Insecure passwords and recycled ones are behind 80% of such attacks.
How often should a password be reset?
You should change your password every three months. When it comes to password reuse, it’s the best practice you can employ to stay safe.
How many passwords does the average person use?
According to data released by NordPass, an average person has about 100 passwords to remember.
How many passwords are hacked every day?
About 6.85 million accounts get hacked every day. With password reuse statistics showing that 52% of people online recycle their combinations, it’s evident that this practice is a major contributor to it.
- Google / Harris Poll
- Google / Harris Poll
- Digital Guardian
- Government Technology State & Local Articles
- Finances Online
- Infosecurity Magazine
- Panda Security
- Google / Harris Poll
- Panda Security
- First Contact
- Help Net Security