World Password Day reveals password reuse remains a big issue

World Password Day brought encouraging - and dismaying - news in Bitwarden's survey into global password habits.
16 May 2023

What did you name your first pet? Source: Shutterstock

Ahead of this year’s World Password Day, Bitwarden announced the results of its third annual password management survey.

The survey looks at the ongoing password habits of users, both specifically in the UK and on a more global basis, including password reuse, cybersecurity risks, and growing interest in passwordless authentication. According to the results, 96% of Brits are concerned about cybersecurity threats – but they continue making significant mistakes when it comes to online security and protecting their data.

Key findings of the survey include:

  • 88% of Brits reuse passwords across multiple sites, making them more vulnerable to data breaches
  • 63% of Brits rely on their memories to manage passwords for websites, apps, and services at home or at work, yet 60% have to regularly reset their passwords because they can’t remember them
  • 56% of Brits use easily identifiable information in their passwords, such as known names, lyrics and personal names the names of children, partners, or other loved ones
  • In spite of news around Netflix’s plans to crack down on password sharing this year, 35% of UK respondents still share passwords for TV streaming services. They also share passwords for banking apps (19%), social media (23%) and music streaming apps (20%).
  • A majority (53%) of UK respondents reported being ‘excited’ about passwordless technology – but those who aren’t excited would prefer to use their memory (60%), making them reliant on weak, easy-to-remember passwords.
  • 56% of global respondents (and 53% of UK respondents) are excited about passwordless authentication options like biometrics, passkeys, or security keys
  • Best practices are still diluted by bad habits, with 85% of global respondents (and 88% of UK respondents) reusing passwords across multiple sites and 58% (global) relying on memory for their passwords (63% UK)
  • 56% of global respondents (56% UK) use easily identifiable information in their passwords, such as company/brand names, well-known song lyrics, pet names, and names of loved ones.

The results also point to some significant vulnerabilities:

  • A fifth (20%) of global respondents report being affected by a data breach in the past 18 months; while data breaches may not be preventable, they tend to have a ripple effect for those that reuse their passwords (19% UK)
  • Almost three-quarters (73%) of global respondents (78% UK) manage passwords for 10 or more sites – a number that has particular resonance when considering the percentage of people who rely on memory to manage passwords
  • Around a fifth (19%) globally have used a password that included the word “password” or a variant spelling of the word (24% UK)
  • Nearly all (91%) respondents (96% UK) are concerned about cybersecurity threats
  • Globally, 26% have been reusing the same password for more than a decade (23% UK)

WorldPassword-less day?

There are increasingly more options for ensuring cybersecurity, including biometrics, passkeys, and security keys. The majority (53%) of UK respondents to the survey were excited by the prospect of passwordless technology. Forget World Password Day, when’s the next facial recognition celebration?

With the majority of iPhone users already onboard, it’s no surprise that 56% of respondents who would use passwordless authentication would choose biometrics as an alternative. 20% said they’d prefer to use a PIN, name, or word. This option would refer to ‘something you know’, while biometrics pertain to ‘something you are.’

With Netflix’s plans to crackdown, the survey also looked at password sharing: 36% of global respondents share TV streaming passwords.

Bitwarden CEO Michael Crandell said that “This year’s survey delivered encouraging results around passwordless technology and 2FA… Other results show room for upside. While over half of respondents use password managers, there is clearly still major room for growth in adoption. Password managers mitigate the need for password reuse and trying to rely on fickle and fleeting memory. Equipping users with the tools they need to use strong and unique passwords for sites that require passwords – and passwordless authentication for those that support it – means they are much less likely to suffer the pain of a data breach.”

There’s still a way to go, with global respondents showing some trepidation at the prospect of passwordless technology. 57% of them prefer using their memory over a fingerprint or face, and 38% were worried about their fingerprint or face ID being used against them. Not only is memory unreliable, but users who prefer this method likely opt for memorable passwords – which are easier to guess.

The survey also looked into the use of password managers in the workplace. Last year, 25% of global respondents said they had to use a password manager at work. Similarly this year, 23% reported workplace usage. Of those required to use password managers, 88% said their employer provided the software.

The full survey results and methodology can be found here.