Over 54% of People Globally Rely on Memory to Manage Passwords and Reuse Credentials at Work

56% of US individuals that have adopted a password manager at home report becoming more security conscious at work

Key Takeaways:

  • 31% of US respondents reuse passwords across 11-20+ sites or apps at home, and 42% incorporate personal information into their passwords, raising concerns about password strength and security – higher than the global average of 25% that reuse passwords.
  • A majority of respondents continue to use memory (58%) and pen and paper (34%) for password management at work, underscoring a reliance on outdated and potentially insecure practices.
  • Over a quarter of respondents (26%) feel unprepared or uncertain about defending against AI-enhanced cyber threats, highlighting a gap in cybersecurity readiness.
  • 23% view their workplace security habits as risky, with notable percentages storing passwords insecurely (45%) or using weak credentials (44%), indicating areas for improvement in organizational cybersecurity practices.
  • Although 51% of US respondents are adopting passkeys, there is a lack of understanding (33% are “not very well informed” or “not at all") about the privacy and security benefits of passkeys.

SANTA BARBARA, Calif.--()--Bitwarden, the credential management leader, today announced the results of its fourth annual World Password Day survey, in advance of World Password Day on May 2, 2024. Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to delve into current user password practices. The survey examines password security habits at home and in the workplace, assesses the perceived impacts of phishing and AI on online security, and captures user sentiment towards passkey adoption as an emerging authentication method.

Individuals reveal risky password practices at home

The survey shows that more than a third (31%) of US-based individuals reuse passwords across 11-20+ accounts (compared to a 25% global average), with almost half (42%) admitting to using personal information in their credentials that is publicly accessible on social media platforms (61%) and online forums (40%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse significantly heighten cybersecurity risks and identity theft.

Discrepancy between cybersecurity confidence and behaviors

There is a critical need for enhanced awareness and education about better cybersecurity habits at home and at work. Despite 77% of users claiming they feel confident in being able to identify a phishing attack and 74% feeling prepared to identify and mitigate AI-enhanced cyberattacks, a substantial number of respondents still resort to risky password management methods. Fifty-five percent of individuals rely on memory, and 35% use pen and paper to manage their passwords at home. Nearly half of respondents (46%) reveal they very frequently or somewhat frequently access personal and work data on public networks, increasing their vulnerability.

These behaviors have clear consequences, with nearly a quarter (23%) of US users admitting to experiencing security breaches, and 26% confirming their passwords have been stolen or compromised in the past. The survey indicates a higher incident rate for US respondents compared to the global average, with only 19% admitting to experiencing security breaches and 23% confirming their passwords have been stolen or compromised. This underscores the cognitive dissonance between users’ security postures and their actual practices.

Weak personal password habits compromise workplace security

The survey’s findings illustrate that individual password habits at work mirror those at home. The majority of respondents admit to relying on memory (58%) and pen and paper (34%) for their workplace accounts. More than half (52%) reveal that they somewhat frequently or very frequently reuse passwords across workplace platforms or accounts.

Additionally, 61% of respondents say they receive regular security training focused on safeguarding login credentials against common threats, with 97% citing that they are confident or somewhat confident in counteracting those threats. Their behavior, however, paints a different picture with nearly a quarter (23%) classifying their workplace security habits as somewhat or very risky. Though lower than the global average of respondents classifying their workplace security habits as risky (37%), US users persist in using weak or personal-info based passwords (44%), storing work passwords insecurely (45%), not using 2FA (23%), and sharing passwords insecurely (32%).

Stronger cybersecurity habits on the rise

Despite the password security challenges, the survey reveals encouraging trends, demonstrating that users are increasingly adopting more responsible cybersecurity behaviors. Fifty-six percent of US individuals (and 51% of respondents globally) that have adopted a password manager at home report becoming more security conscious at work, and 48% say they reuse passwords less frequently. This extends beyond personal use, with 32% sharing the benefits of password management software within the workplace. The positive influence of using password managers at work is evident in respondents’ personal lives, with 67% acknowledging increased security awareness at home, alongside a reduced frequency of password reuse (49%).

Adoption of two-factor authentication (2FA) is on the rise, with 80% of US respondents using it for most personal accounts or certain important accounts, and 74% using it for most workplace accounts or only for important accounts. Globally, there is greater awareness of its importance as a secondary security layer, with 57% of all respondents using 2FA to enhance their security posture as a result of an increase in phishing attacks. The growing frequency of cyberattacks targeting employees’ credentials has not gone unnoticed either. Seventy-two percent of respondents have made some improvements or have increased safeguards to enhance security posture, showcasing a commitment to stronger cybersecurity practices across personal and professional settings.

Progress in passkey adoption

Fifty-one percent of US survey respondents have adopted passkeys, indicating a continued shift toward passwordless authentication (globally, 55% have shied away from passkey adoption). However, more than a third (34%) of respondents still lack a full understanding of their security advantages, signaling a need for more education on the security benefits of passkeys over traditional passwords. Despite growing adoption, concerns about privacy and security persist. Users express apprehensions regarding data misuse (35%), monitoring uncertainties (34%), unauthorized access (30%), and secure storage doubts (28%). Transparent communication and strong security assurances are essential to address these issues, boost user confidence, and promote broader acceptance of passkeys.

If organizations adopted passkeys, 65% of respondents feel their trust in their company’s security resilience would increase, and 68% would be more inclined to use passkeys personally if their workplace implemented them. Forty-five percent of respondents foresee passkeys and passwords coexisting and 22% anticipate passkeys will make passwords obsolete. Regardless of individuals’ outlook on the future of passkeys, a majority (63%) feel the industry needs to enhance its efforts in educating the public about the benefits of passkey technology.

Methodology and full survey results

The Bitwarden World Password Day survey, conducted in Spring 2024, gathered insights from 400 individuals each from the US, UK, Australia, France, Germany, and Japan about current password management habits and passkey adoption sentiments at home and at work. Click here for a comprehensive exploration of the survey findings.

About Bitwarden:

Bitwarden empowers enterprises, developers, and individuals to safely store and share sensitive data. With a transparent, open-source approach to password management, secrets management, and passwordless innovations, Bitwarden makes it easy for users to extend robust security practices to all of their online experiences. Founded in 2016, Bitwarden is supported by a passionate global community of security experts and enthusiasts. The company is headquartered in Santa Barbara, California, and has a globally distributed team. Learn more at bitwarden.com.

Contacts

Mike Stolyar
Director of Communications, Bitwarden
mstolyar@bitwarden.com

Contacts

Mike Stolyar
Director of Communications, Bitwarden
mstolyar@bitwarden.com