12 Statistics to Promote Better Password Management

Image by Gerd Altmann from Pixabay

The problem with passwords is, the more we have, the harder it is to keep track of them.

This leads many to create passwords that we can easily remember, even if they aren’t the most secure.

However, this often causes password reuse across accounts and creating simple passwords that are all too easy for a bad actor to hack.

With 80% of all data breaches linked to passwords, it’s so important for businesses to establish better password management practices. This starts with understanding what is considered a weak password, and creating better password policies for employees to follow.

We dig into a few of the key password statistics to highlight the danger of poor password management and offer tips for improving passwords below.

Weak Password Statistics

1. 36% of people engage in bad password habits because they believe their accounts are not valuable enough for hackers. (LastPass).
2. 62.9% of online users change their passwords only when prompted. (GoodFirms)
3. Even though 92% of people know that using a variation of the same password is a risk, 65% always or mostly use the same password or a variation.
4. 62% of employees say they store login credentials in a notebook or journal, leaving them accessible to prying eyes. (Keeper Security)
5. 64% of respondents said they use at least eight characters when creating a password. (Security.org)
6. 37% of respondents have used their employer’s name in a work-related password.
7. 79% of respondents created their password by mixing and matching words and numbers.
8. 30% of respondents (IT experts, employees, and heads of organizations) said they have experienced a security breach due to weak passwords.
9. 15% of people use their own first name in their password.
10. 18% of respondents said they had to reset their work passwords an average of five or more times in 2020. (Dashlane)
11. Employees reuse a password an average of 13 times.
12. Forgetting a password caused 78% of respondents to reset a password within the last 90 days when surveyed in 2019. (HYPR)

How to Improve Password Management

Educating employees on password best practices is always a good place to start. We have a few other helpful tips for creating stronger password hygiene in your workplace:

• Encourage employees to use passphrases rather than passwords. These will often be longer than a standard password (meaning they’re harder to crack) and don’t include dictionary words that make passwords more vulnerable to hacks.
• Invest in a password manager. These secure password vaults encrypt user’s account logins so they don’t have to remember tons of passwords, only the master password that logs them into the password manager.
• Use two-factor authentication or multi-factor authentication where possible. Many tools like Gmail or social medias allow users to opt for a 2FA or MFA login, which strengthens passwords by putting up an extra layer of protection for sensitive accounts.
• Remind employees to use random passwords for every account. This is especially important for keeping sensitive accounts like email or accounts containing sensitive information such as client or patient data. If a hacker is able to uncover your password and you use it for every account, this makes hacking into more than one account very easy for them.

Password management is a good idea no matter what industry you operate in. It can be especially important, though, if you need to comply with industry standards or regulations such as SOC 2, PCI DSS, or ISO 27001. HIPAA also outlines specific password instructions that can lead to costly HIPAA violations if not properly managed.

Now that you know why password management is so important, our friends at Secureframe have created this helpful infographic that outlines how to create an unhackable password and password creation frameworks to try.