10 Password Statistics that Predict Online Security Trends in 2024

Updated on March 20, 2024
Mentions in the media
Written by
Andrea Mercado
Edited by
Layla Varela
Fact-checked by
David Mercado
Password statistics

Passwords have been the status quo for online security, but significant cracks are starting to show. As threats like phishing scams persist, tech leaders are shifting to more advanced login methods. Passkeys, which use device biometrics instead of passwords, are gaining steam at companies like Google, Amazon, and PayPal.

But what do the latest password statistics reveal about user perspectives and future trends? Stay tuned to learn 10 vital facts that will shape online security in 2024 and beyond. 

LgiT1z8aMsNBYpcjj9pl59AlwD 8ginbfGsfqLyiPiahmKJ e3Rgq2ZB7DoeiYF3X l76nMWFoRiedpwjbDgvrqhA3Fx2p egaIJGt01OPX5vPVMpa3bUC1r9TTwZGMEY3db7hU5zBpFipOgCfjHIuM

Data Breach Status in 2023

Having around 100 passwords is the new normal, as found in a recent NordPass study. But, relying on single words, names, and short passwords puts your accounts at risk. That's why we need better education on making strong passwords.

Amid these challenges, practical solutions emerge. Biometrics replaces the hassle of memorizing passwords, but their widespread adoption faces hurdles in the current fragmented landscape.

Stay with us to unravel the status of data breaches in 2023. Discover how insecure user credentials played a role in nearly 20% of breaches and explore the evolving landscape of cybersecurity.

1. In 2023, 3 in 4 people globally were at risk of hacking

Risky password habits remain the norm despite their dangers. A global study by Keeper Security recently found that 75% don't follow expert advice and keep using weak passwords instead.

64% use easily guessed phrases or minor variations on go-to options. Over a third also feel overwhelmed trying to improve security. This resignation to poor practices leaves most vulnerable to credential theft.

As passwords slowly phase out in favor of passkeys, engrained behaviors still equip hackers.

2. The average cost of data breaches reached $4.45 million in 2023

The price of data leaks keeps climbing. The 2023 Global Data Breach Report from IBM and Ponemon Institute found breaches averaged $4.45 million in expenses - a 2% increase from 2022. This represents a new record as attacks and response costs intensify. 

The study also shows that reaches involving remote work also neared $1 million more per incident. With hybrid work setups becoming the norm, having clear visibility and robust data protection across different environments is crucial.

As attack sophistication and data volume grow exponentially, organizations must plan and budget for this reality or risk existential breaches.

image 26

3. 85% of people worldwide reuse passwords across multiple sites

Despite growing threats, Bitwarden's research found that 85% worldwide reuse passwords on multiple sites - a goldmine for hackers.

The report also shows that over half (52%) of respondents incorporate easily identifiable information like pet names, branding, or lyrics that criminals can guess.

The prevalence of easily guessable passwords responds to users' challenges in managing numerous login credentials. Despite the convenience, this widespread password reuse poses a significant vulnerability that often remains hidden until hackers exploit compromised credentials as an initial access point.

4. Compromised credentials facilitated 19% of breaches in 2023

Hacking user credentials remains a prime attack route. IBM and Ponemon Institute found that compromised emails and passwords enabled 19% of 2023 data breaches. 

That marks a concerning upward trend in breach costs tied to compromised third-party vendors compared to 2021, with associated costs rising from US$ 4.33 million to US$ 4.55 million.

Together, these trends showcase the spiraling fallout from ever-prevalent password problems and reliance on external suppliers. As big platforms slowly strengthen user access, legacy passwords create enormous exposure. 

zuaeqBEZ49Kg9oybdP6S ry6F7rJ0qighK H0PLiHd6i6C2AquKWmQ1zFhqEKr5X3w7tBbD2ZhfFYt2vck2FfIP8SLHeVuJzNJkqVrhGS9iAycjQRnVmkbP8 Qxdi7S0sSGCB417ma97 GZhy7 MzEk

Password Habits in 2023

5. "123456" was ranked as the most common password of the year, used 4 out of 5 times in 2023

Passwords like "123456" remain widely used despite being unsafe. A 2023 study by NordPass, in collaboration with independent researchers specializing in cybersecurity incidents, delved into a 4.3TB database sourced from various publicly available platforms, including the dark web, to examine passwords and reveal the most popular.

The analysis found that "123456" was the most common password 4 out of 5 times. The second most popular was "password." These weak passwords put accounts at high risk of hacking.

The study highlights the need for better awareness of creating strong, unique passwords. A password manager can help generate them to reduce reliance on weak defaults.

6. Hackers can crack 17 out of the world's 20 most common passwords in less than a second

Lazy, common passwords put accounts at severe hacking risk. 2023's analysis of over 4 million leaked passwords found most top choices are dangerously weak.

NordPass study showed that 17 of the 20 most popular passwords are cracked by hackers in less than one second. Even minor tweaks like "123456789" barely improve security. Endless use of effortless passwords like consecutive numbers or "password" makes data breaches inevitable.

Additionally, simple substitutions provide false confidence. While "UKNOWN" takes 17 minutes to decrypt, this is still trivial for modern malware.

7. 40% of people are unaware if their passwords have ever been breached

According to Keeper's study, despite 57% of respondents claiming to watch their passwords closely, a surprising 40% had no idea if their passwords had ever been breached.

That scenario raises concerns about individuals either overestimating their digital security or neglecting essential password hygiene practices.

image 25

8. Passwords make up almost 20% of the dark web listings

Personal data can verify identities and enable access to hundreds of accounts and financial information. That makes it a hot commodity for cybercriminals. 

According to CNBC, 86% of cyber attacks use stolen credentials to sell compromised information.

In Addition, NordPass reveals passwords and usernames represent 18% of the most common dark web items. Email addresses also frequently appear on these black market listings.

9. Approximately 29% of boomers use unique passwords for every account

Keeper Security's global password study reveals striking gaps in security habits across ages. Only 29% of Baby Boomers create strong, unique passwords for each login. For Gen Z, this drops to 20% - through 40% are overwhelmed by cybersecurity. 

The study also reveals that 41% of respondents feel cybersecurity is too complex to understand. Furthermore, the confidence divide extends to gender, with 39% of men feeling more assured about password security than 31% of women.

10. Passkeys are 40% faster than passwords

Passkeys have emerged as a swift and secure alternative to traditional passwords. They are designed to be 40% faster than passwords, according to Google, and have become the preferred trend for enhancing online security.

Unlike passwords, passkeys link directly to a user's device, utilizing methods like pins, fingerprints, or face scans. This direct association makes passkeys highly effective in resisting phishing scams, as hackers require physical access to the device, not just the password, to breach accounts.

image 12

Photo by Growtika on Unsplash

Summary: 10 Password Statistics for 2024

1. In 2023, 3 in 4 people globally were at risk of hacking

2. The average cost of data breaches reached $4.45 million in 2023

3. 85% of people worldwide reuse passwords across multiple sites

4. "123456" was ranked as the most common password of the year, used 4 out of 5 times in 2023

5. Hackers can crack 17 out of the world's 20 most common passwords in less than a second

6. 40% of people are unaware if their passwords have ever been breached

7. Passwords make up almost 20% of the dark web listings

8. Compromised credentials facilitated 19% of breaches in 2023

9. Approximately 29% of boomers use unique passwords for every account

10. Passkeys are 40% faster than passwords


What are the recommended characteristics of a strong password?

Strong passwords should be at least 20 characters long and include a combination of numbers, uppercase and lowercase letters, and special symbols. 

Avoid using easily guessable information such as birthdays, names, or common words, and remember to change your passwords regularly to enhance security.

What is the most common password across e-commerce and social media?

According to NordPass, the top-ranking password for e-commerce sites, email accounts, electronic devices, and streaming services is "123456." 

The most prevalent password for social media platforms, financial accounts, and smartphones is "UNKNOWN."

What is Two-Factor Authentication (2FA), and why should I enable it?

2FA adds an extra layer of security by requiring users to provide two forms of identification: a password and a one-time code. 

Enabling 2FA makes it more challenging for cybercriminals to gain unauthorized access to your accounts.

Final Thoughts

Poor password practices remain embedded despite rising threats. Studies in 2023 found risky behaviors like reuse persist, alongside misunderstandings of risks. That leaves most accounts prime for credential theft, the catalyst for over half of the breaches. 

Even as passwords slowly phase out, years of accumulated stolen data will continue to equip hackers.

But 2024 may prove a turning point if passkeys gain momentum. With direct device ties and biometrics replacing typed phrases, passkeys aim to eliminate phishing and guessability. Their launch by leaders like Google and Apple lays the groundwork for mass adoption if consumers and developers embrace convenience over the status quo. 

While ingrained password behaviors could persist for years absent mandates, expect passkeys to dominate cybersecurity talks in 2024. Their success riding on user mindsets, education, and incentives will shape the next era of access beyond negligent passwords.


Related Articles

Andrea Mercado is a tech-focused journalist and copywriter with over 5 years of experience covering innovation, edtech, AI, and internet trends across media outlets. She is passionate about how technology can democratize access to education and is an avid learner when it comes to emerging tech like AI. Her articles and webinars help readers stay informed on the latest tech developments.
crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram