Password breaches have become common, a worrying trend today. Cybercriminals devise novel means of accessing people’s accounts and records, which many people do not want to encounter.
One password should not be used for multiple accounts. Most people now have multiple passwords to protect their account records and identity. But that doesn’t seem enough. In 2022, hackers exposed over 24 billion passwords. Identity theft is three times more likely to occur in 2023 among internet users without password managers. Let us look closely at the password breach statistics you must know about today.
General Password Breach Statistics
1. About 336 million subscribers on Twitter were affected by a bug that saved passwords as plain text.
2. Two or more verification factors have a success rate of 99.9% in stopping unauthorized entry.
3. A third of malware-induced breaches are done by password malware.
4. It is easier to compromise a 6-digit password but extremely difficult to crack a 12-digit password.
5. The number of passwords one person can use for multiple accounts is up to 85.
6. The strongest passwords are 16-digit ones from a 200-character set.
7. The default recommendation for the number of digits for a password is 8 digits. Having more digits creates a stronger password.
8. 70% of people who use the internet are worried about being potential victims of cybercrime.
9. About 62% of companies admit they have not done a thorough job of securing information on mobile devices.
Statistics on Password Security
10. Training on the management of passwords is conducted more than once by 63% of Internet security leaders annually.
11. 93% of Internet security outfits admit they need password maintenance protocol on their platform.
12. According to a survey by Duo, two-factor authentication (2FA) is gaining traction in popularity. 79% of account owners stated they use 2FA as a measure to protect their accounts in 2021. Awareness of the importance of two-factor authentication has improved since 2019, when just 53% of account owners used it.
13. Most organizations (about 67%) have a policy on passwords for their employees but rarely enforce it. Only about 34% adhere to enforcement of such policies.
14. 60% of non-professional folks actively use two-factor authentication, whereas in the world of professionals, 79% are familiar with its use.
15. Despite most Americans not needing password protocols in their workplace, three out of four (73%) believe their company should provide one.
16. 85% of respondents admit they prefer using text messages for the two-factor authentication.
17. From a global point of view, Americans are more inclined to use password management (40%) than the rest of the world (31%). This shouldn’t be a surprise when considering that the US tops the chart as the most hit country by cybercrime. This has created fear among the average American who doesn’t fancy becoming a victim. Some were victims and wouldn’t want a part two of the unfortunate experience.
Statistics on the Use of Weak Passwords
Despite many folks knowing it’s a bad practice to reuse passwords, the practice is still trending amongst most people. Let’s see what the stats have to say about this:
18. According to a report by GoodFirms, 30% of professionals have admitted to experiencing some form of security compromise. This is because most companies have yet to take the threat of a password breach seriously.
19. A third of American residents are more concerned about the convenience of reusing a password on multiple accounts. However, they are less concerned about the possible security breach. More awareness is needed to ensure most account owners know the imminent threat to their accounts. This will propel them to take the necessary steps to secure them and avoid using weak passwords.
20. About 18.8% of compromised passwords had only lowercase alphabets. It has been proven that a password with a different combination of characters makes it more secure and difficult to bypass.
21. Among people with the habit of reusing passwords, about 36% of them are convinced their accounts hold no significant value to hackers. Such online users are found on social media, especially when they have few friends and aren’t active users. They assume no hacker will be interested in their accounts due to the small number of followers they command.
22. Password changes are done by 62.9% of users online only when requested. Despite the growing threat of cybercrime, most online users tend to be calm about it.
Statistics on Data Breach
23. 64% of users admit they use at least 8 digits when creating their passwords. This has become the standard number of digits for password creation.
24. 62% of employed folks wrote their login information in a journal or notebook. This increases the risk of such information being seen by a third party, which could pose a serious security threat.
25. According to a report by SecurityOrg, 79% of account owners create passwords using a combination of numbers and words.
26. About 88% of compromised passwords comprise no more than 12 characters.
27. 37% of professionals have used the name of a colleague when creating a password.
28. 24% of global internet traffic is used by malware and malicious bots.
29. Scary statistics in 2022 from a survey by PRNewswire show that about 24 billion passwords and usernames are available on the dark web and marketplaces.
30. Despite being victims of data breaches, 53% of IT professionals say their companies took the necessary steps to ensure such infringements don’t occur again.
31. According to a survey by Verizon, About 80% of unauthorized access to data was done through bypassing passwords.
32. Account owners with weak passwords are about twice as likely to be breached (by 62%), whereas those with stronger passwords are less likely to be hacked (29%).
33. Cybercriminals use the most common phrase when hacking an account or network: “password.”
34. The most common words used for most password breaches are “p@ssw0rd”, “welcome,” “admin,” and “password.”
Statistics on Password Reset
35. Despite experiencing password breaches, 45% of account owners failed to change passwords a year after the infringement.
36. The human element accounts for about 80% of all password breaches that could involve either human error, phishing, or the use of credentials.
37. Astonishingly, among the breached passwords recovered in 2020, 60% of account owners of such passwords used weak passwords across other accounts.
38. A fifth of account holders forget their passwords and must reset them to regain access to their accounts.
39. 48% of account owners admitted they are likely to leave a website when they try to change their passwords using the same password and are told they can’t use the same password.
40. In a survey by BeyondIdentity, 45% of online users admitted to changing their password at least once annually because of incorrect login information.
41. Interestingly, about 25% of online users are likely to leave their cart of $100 when required to reset their password at a checkpoint.
42. After resetting passwords, 57% of people who do so are likely to forget their new password, according to a survey by OnePoll.
43. In 2020, 18% of account owners said they had to reset their passwords five or more times.
44. When prompted to reset their passwords, about 12% of people will likely use a variation of the old password.
Password Breach Statistics in the Workplace
45. 51% of professionals use mobile phones to access work-related issues.
46. 39% of professionals in America did not need to reset their passwords because their current password is strong.
47. Due to password-related problems, business owners spend an average of about $480 on an employee.
48. 49% of IT professionals will likely share passwords with a colleague while accessing a business account.
49. About 51% of professionals share their passwords with fellow employees when sharing work.
50. At least 59% of Information Technology professionals admit their company relies mostly on human memory for their password protocols.
51. 5% of IT security units are confident in not allowing sacked employees to leave the firm with company passwords.
52. 44% of remote professionals admitted sharing passwords with colleagues for work-related issues.
Password Breach Statistics by Industry
53. According to a survey by NordPass, the most frequently used password in industries is “password.”
54. About 50.1% of people, on average, share three of their passwords with other people via video streaming, while 34.2% do so through their smartphones. 48.8% do this through music streaming. These are the most popular medium passwords are shared with others.
55. In the healthcare sector, one of the most popularly used words for password management is “vacation.”
56. Most people who engage in online banking (68.6%) strongly believe the passwords used on their accounts are secure.
57. about 34% of people are inclined to reset their passwords at least once a month for apps that deal with money transfers. However, 44% are likely to do so once a year.
58. On passwords that do not expire, 59% of financial institutions have above 500 such passwords.
Statistics on Password Breach Trends
59. According to a survey by SecurityOrg, 18% of password management involves using a pet’s name.
60. In order of ranking, The most commonly used words or phrases for password management in America are 123456, password,12345, 123456789, and Password1.
61. Birth years are used by 21% of respondents.
62. A report by OnePoll revealed that the average user in the US has been locked from at least 10 accounts online in a month.
63. The word “dolphin” was the most frequently used phrase related to an animal as of 2021.
64. In a scenario where passwords have been forgotten, 64% of account owners are likely to leave the platform without returning to it.
65. After closely examining 4.6 million subsets of passwords frequently used to target remote desktop protocols (RDP), 24% of password digits used were 8 in length.
66. From zero to 99 in numbers, almost half of the 10 million passwords scrutinized by VPEngine had at least one of an 8-digit password range.
67. “I love you” is a phrase frequently used by female respondents (222,287) when compared to their male counterparts (96,785).
68. The most frequently used superhero names for password protocol are Superman and Batman.
Predictive Statistics on Password Security
69. As of 2022, the projected market value of multiple-factor authentication in that timeline was $17.9 billion. It’s expected to hit the $53 billion mark in 2030.
70. 42% of account owners prefer a biometric authentication system (usually fingerprint) to measure enhanced security for their accounts on some apps with those options.
71. Data considers MFAs without passwords to give the best authentication protocol by at least nine out of ten from the closely examined 500 IT security units on the internet. This translates to almost 90% of them having this opinion.
72. Generally, 65% of US users think biometrics will improve their company’s security protocol. However, 55% believe that any security authentication that doesn’t require passwords is more secure. Notably, an average American account owner is losing faith in passwords with the current trend in password breaches in the country.
73. 96 percent of IT security units have more faith in security authentification protocols that don’t require passwords. They believe such a security approach would create a more convenient experience for their workers.
74. In the second quarter of 2023, the listed five countries suffered the most unauthorized access to accounts globally. Interestingly, they are also the top five countries with the most breached accounts in the first quarter of this year.
75. From its position as the second most hit regarding account breaches in the previous quarter, America emerged the first in the second quarter of 2023. Its number of compromised accounts amounted to a mind-boggling 49.8 million. According to a report by SurfShark, this figure makes up 42% of the total compromised accounts globally.
Global Password Breach Statistics Trend Review
76. The table below gives us an overview of countries most hit by password breaches.
No | Ranking by country | Breached accounts |
1 | America | 49,823,245 |
2 | Russia | 15,277,996 |
3 | Spain | 3,724,924 |
4 | France | 3,444,592 |
5 | Turkey | 2,750,117 |
77. With just 5.4 million compromised accounts in the first quarter, the new trend spiked by almost 830% in the second quarter of 2023. This made the US the most vulnerable country in the world for cybercrime.
78. Russia took the second place in the second quarter of 2023. Like the US, it experienced an alarming increase from the first quarter, with 6.8 million hacked accounts to approximately 15.3 million. This amounts to roughly 14% of the total compromised accounts worldwide.
79. For Spain, the country went from number five in the first quarter to third in the second quarter of 2023. It recorded 3.1 million and 3.7 million breached accounts in the first and second quarters respectively. Fortunately, the increase in the second quarter was little compared to the countries aforementioned.
80. The French fared better by maintaining the fourth position in both quarters despite slightly increasing the number of breached accounts. The breached accounts scaled from 3.2 million in the first quarter to 3.4 million in the following quarter.
81. Turkey went from number 25 in the first quarter of 2023 to number five in the second quarter. While the first saw 120,000 breached accounts, the second quarter recorded 2.8 million compromised accounts, representing a 22 times quarterly increase.
Regional Password Breach Statistics Trend Review
82. North America tops the number of breached accounts in the second quarter of 2023. This is not surprising, considering that America is the most vulnerable country within the time frame.
83. North America recorded about 51.3 million hacked accounts, an alarming figure compared to 5.7 million data of the previous quarter. This means the region experienced a spike in breached accounts by a whopping 806% in the second quarter. 97% of the total accounts hacked in this region came from America.
84. South America and Oceania experienced significant growth in breached accounts by quarter measure in 2023. South America went from 854,000 compromised accounts to 1.6 million, representing a growth rate of nearly 90%. Oceania grew from 287,000 compromised accounts in the first quarter to 2.4 million accounts the next quarter, showing a massive growth of 730%.
85. The European region also saw a relative increase in hacked accounts within the same timeline. The French region increased by 12%, while the Spanish grew by 13%.
86. The cumulative number of breached accounts in the European region hit 28 million in the second quarter and 17.9 million in the previous quarter. This reflects a growth rate of 56%, with almost half of all the breached accounts in this region coming from Russia.
87. In the first quarter, Asia had the second-highest number of breached accounts, with a record of 10.9 million compromised accounts. But the value dipped to 5.8 million in the second quarter.
88. Africa slightly reduced breached accounts between the two quarters, from 1 million to 980,000.
Password Breach Density Statistics and Review by Country
89. The table below gives us an idea of the password breach in terms of density at a glance. Here is a list starting from the highest in the second quarter of 2023.
Sovereign nation | Geographical region | Compromised accounts daily in a quarter | Density (accounts per 1000 people) | Rank |
America | North America | 547,508 | 147 | 1st |
Russia | Europe | 167,890 | 106 | 2nd |
Spain | Europe | 40,933 | 78 | 3rd |
Finland | Europe | 4,742 | 78 | 4th |
Australia | Oceania | 20,883 | 72 | 5th |
Sweden | Europe | 8,176 | 70 | 6th |
France | Europe | 37,853 | 53 | 7th |
South Sudan | Africa | 4,234 | 35 | 8th |
Turkey | Asia | 30,221 | 32 | 9th |
Denmark | Europe | 1,867 | 29 | 10th |
90. The density calculation for each country is the total number of breaches divided by the country’s population. The record provides clarity on the chances of password breaches that occur in a country.
91. For instance, if two countries have an equal number of hacked passworded accounts, the one with a smaller population will be more prone to cyber-attacks than the country with a larger population size.
92. For more elaboration, Finland is a classic example of this scenario. The table shows that Finland is not in the top five list regarding the number of compromised accounts.
93. However, its small population makes it among the top four countries most likely to experience password breaches. This places Finland at par with Spain in terms of density despite the latter having an overwhelmingly bigger number of breached accounts.
94. Russia and the US top the list of countries with the highest density regarding breached data in the second quarter of 2023. In America, the density record was at its highest in the second quarter of 2023.
Conclusion
Information on statistics for breaches in passwords reflects the importance of more sensitization on the right attitude towards password management. This move goes beyond having the right policies in an institution and their enforcement. The more people use stronger passwords, the less occurrence of password breaches.
Developers of apps both on Android and IOS platforms should endeavor to use biometrics as a standard authentication. This offers more security than ordinary passwords. With the current trend, biometrics will become the norm, and it’s just a matter of time.
Frequently Asked Questions
How does a cybercriminal bypass my password security?
How can I secure my passwords?
What password manager is recommended?
Source: