Have you ever created a weak password such as “12345678” or “123456” to protect your personal account on any website or application? If your answer is yes, it is very likely that these easily guessed passwords will be compromised at some point.
With the undeniable effect of the widespread use of IoT applications, a significant increase has been observed in password theft in recent years. This situation, of course, does not only apply to individual users. Organizations, which are important actors in the business world, may have to cope with serious data losses and negative financial statements if they do not attach enough importance to password security protocols. In this article, we'll explore 33 striking statistics compiled from different sources on why it's important to use a strong password.
Password Breach Statistics
The numbers related to password breaches clearly reveal the gravity of the situation. For instance, current cyberattack statistics show that 1.67% of Android malware consists of password trojans. The striking statistics below show how important password security is.
Hackers have posted more than 555 million stolen passwords on the dark web since 2017. (Cnet, 2020). In 27% of these cases they tried to guess them, and in 17% of them they made the correct guess.
80% of cyber security breach incidents result from stolen and reused login information. (Verizon, 2020)
Weak passwords are the cause of 81% of data breaches in organizations. (TraceSecurity)
Script hacking attacks trying to guess usernames and passwords occur globally every 39 seconds. (WebsiteBuilder.org, 2021)
This is a common scenario as far as data breaches are concerned. Now, if you're wondering how the situation is in the business world, the next set of statistics will satisfy your curiosity.
Business World Password Statistics
The most commonly identified cause of these surprising password breach statistics is remote working methods and business models that have changed with digital transformation.
49% of IT security professionals and 51% of individual users share their passwords with colleagues to access their business accounts. (Yubico and Ponemon Institute)
57% of participants admitted that they wrote work-related online passwords on sticky notes, and 67% of these respondents said they lost those notes. (Keeper Security)
51% of the participants stated that they used their personal mobile devices to access work-related items, and 56% of this group mentioned they did not use a 2FA method. (Yubico and Ponemon Institute)
44% of participants admit to sharing professional account usernames and passwords while working remotely. (LastPass)
Only 35% of the employers who participated in the survey stated that they enabled their employees to update their passwords more regularly while working remotely. (LastPass)
59% of IT security professionals stated their organizations rely on human memory for password management. (Yubico and Ponemon Institute)
After discussing the highlights of the business world password statistics, let's examine password security statistics in a more general framework.
Password Security Statistics
Let's take a look at the data obtained from different studies to discuss password security statistics in a general framework.
76% of the younger generation does not pay attention to password security. (Digital Guardian)
76% of people between the ages of 18 and 24 are quite likely to reuse a password. While this rate is 62% among people aged 65 and over, the age range with the highest rate is 18-24. (Digital Guardian)
43% of US internet users share their online passwords with others. (Google)
According to surveys, nine out of ten people are concerned that their passwords may be stolen or attacked. Still, it is emphasized that 90% of the passwords they use are open to cyberattacks. (Avast)
As a consequence of the Gmail data breach in 2014, 5 million passwords were leaked. It has been found that the majority of both men's and women's passwords are eight characters long. (WPEngine)
69% of employees share their passwords with their colleagues. (Betanews)
According to Security.org, a study found that 15% of participants used their own names in their passwords. (Security.org)
Employees reuse their login credentials 13 times on average. The reuse of login credentials that have been subjected to a series of attacks greatly simplifies the process of obtaining passwords for cyber attackers. (Logmein)
Multi-Factor Authentication (MFA) prevents 99% of password security issues by enabling secure password use. (Microsoft)
In 2021, 93% of respondents to a data security survey stated that passwords in their banking and financial accounts were the most important thing to secure. (Duo Labs)
Breaking a 12-character password takes 62 trillion times longer than breaking a 6-character password. (Scientific American)
67% of organizations use password management policies, but only 34% of them say that they strictly enforce them. (Yubico and Ponemon Institute)
The 10 most frequently used passwords in the world are:
After looking at the password security statistics from a general point of view, we will examine the violations on an industry basis and expand our perspective.
Password Security Statistics by Industry
Many industries fall short of establishing the right password security policies. Below you can find some interesting statistics that stand out from different industry sectors.
"Passsword" and "Vacation" are among the most popular passwords. We don't need to tell you how disastrous this choice is. (NordPass)
Technology and software industries (37%) are more likely to adopt multi-factor authentication than law and insurance industries (20%). (LastPass)
59% of financial services companies have more than 500 passwords that do not expire. (Varonis)
Small businesses with fewer than 25 employees had an average of 85 passwords per employee. (LastPass)
About one-third (29%) of hospitals and healthcare systems plan to implement biometrics by 2023. (HIMSS)
In all sectors, it took an average of 280 days to detect and contain a data breach. (IBM)
Employees in the media/advertising industry have the highest average number of passwords per employee, with an average of 97 passwords per employee. (LastPass)
Employees working in the media/advertising industries tend to reuse passwords at almost twice the rate of other industries. (LastPass)
Employees in the government industry have the lowest average number of passwords per employee, with an average of 54 passwords per employee. (LastPass)
6 Tips to Improve Your Password Security
You can secure your personal passwords and your organization's IT infrastructure by considering these 6 tips that will help you improve your password security.
Calculate the password entropy: Password entropy allows you to determine whether a password can be easily broken. For strong entropy, you must create a password with at least 8 characters, with upper/lower case letters, and special characters.
Use random passwords for each account: Use different passwords for all your accounts. Make sure that not only some but all passwords are different.
Review regulatory and standard requirements: If you have an IT infrastructure that is compatible with SOC 2-like security frameworks, use a password manager to meet cyber security requirements.
Choose 2FA or multi-factor authentication: In an IT network using these systems, a user must authenticate with two or more factors to log in. In these systems, biometric data and short-term codes sent to mobile devices are used.
Use a password manager: By using password management systems, you can securely store all your passwords in different accounts.
Prevent password sharing: You can prevent password sharing between your employees by using the password vault feature. By using a password manager with a password vault feature, you can also protect the passwords of users with privileged access in isolation from the network.
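The first tip, worked through as an added example (this is not code from this article or from any product it mentions): the sketch below estimates entropy as length times log2 of the alphabet size and checks the tip's rule of at least 8 characters with upper-case, lower-case and special characters. The function names and the short common-password list are assumptions made for illustration.

```python
import math
import string

# Constructed sample list; "12345678" and "123456" are the examples this article opens with.
COMMON_PASSWORDS = {"12345678", "123456", "password", "qwerty"}

MIN_LENGTH = 8  # minimum length stated in the tip above

# Character classes used to size the search alphabet (94 printable ASCII symbols in total).
CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "digit": string.digits,
    "special character": string.punctuation,
}
# Classes the tip asks for; digits widen the alphabet but are not required by it.
REQUIRED = ("lower-case letter", "upper-case letter", "special character")


def entropy_bits(password):
    """Length * log2(alphabet size): an upper bound that holds only for random characters."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def review(password):
    """Return (entropy in bits, list of problems); an empty list passes the tip's rule."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        # A listed password is tried first, so its computed entropy is meaningless.
        problems.append("known common password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    for name in REQUIRED:
        if not any(c in CLASSES[name] for c in password):
            problems.append("no " + name)
    return entropy_bits(password), problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("12345678", "Ab$1", "aB3$efgh"):
        bits, problems = review(pw)
        print(f"{pw!r}: {bits:.1f} bits, {problems or 'meets the rule'}")
```

The entropy figure is only meaningful for randomly generated passwords, which is why the common-password check runs independently of it.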
Password Vault and MFA Solutions Improve Password Security
To ensure password security, you can take advantage of Multi-Factor Authentication (MFA) and Password Vault features, which are an important part of Privileged Access Management (PAM) solutions. Playing a key role in helping the PAM ecosystem make your IT infrastructure more secure against cyberattacks, MFA provides a high-level layer of security with strong password, geolocation and OTP features. Password Vault offers another cyber security capability: using the management approval feature, you can apply one- or two-level administrator approval processes for password access without showing the passwords. This way, you can eliminate both password sharing and internal and external threats.
If you want to make passwords more secure for your users and/or IoT devices accessing critical data areas, advanced protection against cyberattacks can be accomplished by using Multi-Factor Authentication (MFA) and Password Vault products. You can contact us with all your questions about our Multi-Factor Authentication and Password Vault solutions.