Password manager company Bitwarden has announced the results of its third annual global password management survey, in advance of World Password Day on May 4, 2023.
The survey probes ongoing user password habits such as continued password reuse, ever-present cybersecurity risks, and growing interest in passwordless authentication.
Despite the increase in cyberattacks, the research shows that people are still putting their security at risk with 85% of global respondents (88% UK) reusing passwords across multiple sites. 52% of global respondents (56% UK) use easily identifiable information in their passwords, such as company/brand names, well-known song lyrics, pet names, and names of children, partners, or other loved ones.
58% of global respondents (63% UK) rely on their memories to manage passwords for websites, apps, and services at home or at work – up from 55% last year (59% UK), yet 51% (60% UK) have to regularly reset their passwords because they can’t remember them. 77% use passwords that are at least 9 characters long (84% UK); and 58% use two-factor authentication (2FA) for work accounts (58% UK) and 66% for personal accounts (62% UK).
The survey also points to some significant vulnerabilities:
A fifth (20%) of global respondents report being affected by a data breach in the past 18 months; while data breaches may not be preventable, they tend to have a ripple effect for those that reuse their passwords (19% UK)
Almost three-quarters (73%) of global respondents (78% UK) manage passwords for 10 or more sites – a number that has particular resonance when considering the percentage of people who rely on memory to manage passwords
Around a fifth (19%) globally have used a password that included the word “password” or a variant spelling of the word (24% UK)
Nearly all (91%) respondents (96% UK) are concerned about cybersecurity threats
Globally, 26% have been reusing the same password for more than a decade (23% UK)
The survey explored sentiments around passwordless technology such as biometrics, passkeys, and security keys. A majority (53%) of UK respondents reported being ‘excited’ about passwordless technology, a number that mirrors the global response (56%).
Of the UK respondents using passwordless authentication, 56% are or would consider using biometrics such as facial recognition, fingerprint, and voice to represent ‘something you are’ and 20% would prefer a PIN, name, or word for ‘something you know’. The ‘something you are’ method is slightly less prominent globally, with 50% of respondents utilizing or considering it.
Global respondents who said they were not excited about passwordless authentication cited a few qualms: 57% prefer to use their memory over their fingerprint or face (60% UK) and 38% were worried about their fingerprint or face ID being used against them (33% UK). The first finding further illustrates the propensity of users to rely on their memories to manage their passwords, a strategy that comes at a cost with users resorting to weaker, more memorable passwords.
The results also looked at habits when it comes to sharing passwords for digital apps and streaming. In spite of news around Netflix’s plans to crack down on password sharing this year, 36% of global respondents (35% UK) still share passwords for TV streaming services. That’s higher than global respondents who share passwords for social media apps (24%), banking apps (21%) and music streaming apps (21%). In the UK, 23% share passwords for social media apps, 19% for banking apps, and 20% for music streaming apps.
Similar to prior surveys, the 2023 survey probed password managers in the workplace. Last year, 25% of global respondents said they were required to use a password manager at work. This year tracked similarly, with 23% reporting workplace usage. And of those required to use password managers, 88% reported their employer provided the software.
“This year’s survey delivered encouraging results around passwordless technology and 2FA,” said Bitwarden CEO Michael Crandell. “Other results show room for upside. While over half of respondents use password managers, there is clearly still major room for growth in adoption.
“Password managers mitigate the need for password reuse and trying to rely on fickle and fleeting memory. Equipping users with the tools they need to use strong and unique passwords for sites that require passwords – and passwordless authentication for those that support it – means they are much less likely to suffer the pain of a data breach.”
For complete survey details, visit https://bitwarden.com/