20 Password Security Statistics You Must Read in 2024

Published on: July 5, 2023
Last Updated: July 5, 2023

How secure are your computer and account passwords?

In these password security statistics, we will reveal the factors that affect how secure your passwords are.

Passwords are used to authenticate that you are the person trying to access your account or other online service or computer system.

Your passwords should be kept secret and only you should know what they are. 

Sharing passwords is one issue related to unauthorized access to accounts and systems.

You should be the only one with access to these credentials.

Sadly, too many people don’t use strong passwords that will keep their accounts and their personal information safe.

If you’re lax about your password security, you’re opening yourself up to cyberattacks and nefarious hackers who are more than happy to have your information to use for themselves. 

Let’s dig into some statistics that you need to know.

Having a strong, secure password is more important than you realize.

Key Statistics

  • The average person has 85 online accounts that require passwords.
  • Passwords should be a minimum of eight characters to be strong.
  • A sequence of 16 characters is defined as a “truly strong” password.
  • In 2018, 336 million Twitter users were prompted to change their passwords.
  • 62% of businesses aren’t protecting mobile phone data.
  • 70% of organizations were victimized by ransomware in 2022.
  • 33% of malware breaches in 2022 were caused by password dumper malware.
  • MFA is thought to prevent 99.9% of all cyberattacks.
  • Over 81% of all data breaches occur because of weak password usage.
  • Since 2017, roughly 555 million stolen passwords have been published on the dark web by hackers.

Top Password Security Statistics in 2024


1. The Average Person Has 85 Online Accounts that Require Passwords.

According to data from 2020, the average person has 85 online accounts that require passwords.

Each account should have its own strong and secure password, but the statistics say you’re likely using the same passwords for at least some of these accounts.

So, if a hacker gets that password, whether you’re using it on 2 or all 85 accounts, they have access to every account that shares it.

These criminals can do a lot of damage with that information.

(CNET, 2020)

2. Passwords Should Be a Minimum of Eight Characters to Be Strong.

If you’ve ever entered a password for an account, you know that there are specific requirements.

Some ask for more than 6 characters, but the NIST (National Institute of Standards and Technology) recommends at least 8 characters.

Even better, use 12 characters, which makes the password much harder for hackers to crack (62 trillion times longer to crack).

(CNBC, 2022)

3. A Sequence of 16 Characters Is Defined as A “Truly Strong” Password.

The ANSSI, Agence nationale de la sécurité des systèmes d’information (French National Agency for the Security of Information Systems) defines a truly strong password as one with a sequence of 16 characters.

This would make your password even harder to remember, but it’s a thought.

(Scientific American)

4. In 2018, 336 Million Twitter Users Were Prompted to Change Their Passwords.

In 2018, Twitter found a “bug” in their system that was storing passwords in plain-text format in one of the internal systems.

Twitter announced that they found no reason for alarm or indication that any misuse or breach occurred.

However, they did urge the 336 million users to change their passwords.

This was a good suggestion for maintaining password security.

(The Guardian)

5. 62% of Businesses Aren’t Protecting Mobile Phone Data.

A Yubico-sponsored survey by the Ponemon Institute revealed that, according to the IT security participants, businesses aren’t taking the necessary steps to protect mobile data.

Furthermore, 51% of employees use their personal smartphones for work-related tasks and 56% of them don’t use two-factor authentication.

This can result in password-related breaches.

(2020 Ponemon Institute Research Report) 

6. 70% of Organizations Were Victimized by Ransomware in 2022.

Due in large part to the lack of strong passwords and solid security measures, 70% of organizations fell victim to ransomware in 2022.

We know that the strength of a password is the first line of defense for cyberattack protection.

By regularly changing your passwords, not reusing passwords, and using symbols, letters, and numbers with no meaning, you can help protect from cyber-attacks.


7. 33% of Malware Breaches in 2022 Were Caused by Password Dumper Malware.

In 2022 alone, 33% of all malware breaches were caused by password dumper malware programs.

That’s one-third of all malware breaches.

When a solid password security management protocol is in place, these things are less likely to happen.

Password sharing, having passwords written on sticky notes, and other poor password practices are a few reasons this may occur.


8. MFA is Thought to Prevent 99.9% of All Cyberattacks.

MFA is multifactor authentication that uses a combination of distinct elements to help prove who you are before gaining access to systems, accounts, etc. This can include elements such as your password, an SMS text or authentication app, and/or biometrics like fingerprint and facial scans.


9. Over 81% of All Data Breaches Occur Because of Weak Password Usage.

Did you know that during the pandemic cybercrimes increased by 85%?

That statistic alone should make us want to change our password creation and usage behavior.


Data from 2021 revealed that over 81% of all data breaches occurred due to the use of weak passwords.


10. Since 2017, Roughly 555 Million Stolen Passwords Have Been Published on The Dark Web by Hackers.

Yes, it’s true. Around 555 million stolen passwords have been published on the dark web by ruthless individuals.

(BSG on LinkedIn)

11. Out of 27% of People Who Tried to Guess a Password, 17% Got It Right.

Can we expose our passwords to even a 17% chance that some nefarious hacker might guess them?

According to the Google/Harris Poll of 2019, that is what happens when you use easy-to-guess passwords.

So, we shouldn’t do that.

(Google/Harris Poll 2019, USA Today)

12. Every 39 Seconds a Malicious Hacking Event Occurs.

The University of Maryland conducted a study in 2007 that revealed malicious hacking attacks occur every 39 seconds.

The research saw that nefarious hackers targeted their computer 2,244 times each day.

The data showed that malicious hacking events occur every 39 seconds across the globe.

(University of Maryland, WebsiteBuilder, 2022)

13. Out Of 2.2 Billion User-Generated Unique Passwords, About 7% Are Curse Words. 


In a Cybernews analysis of password usage, they discovered that 152,933,335 passwords contained curse words.

This figure represents 7% of the 2.2 billion passwords they analyzed. The word “ass” was used 27 million times, making it the favorite curse word of all.

(Cybernews, 2023)

14. The Most Popular Year Used in Passwords Is 2010.

Cybernews found almost 10 million uses of the year 2010 in passwords in their analysis of 2.2 billion passwords.

Moreover, other years are also popular in passwords, such as 1940, 1975, 1987, and 2000.

This could indicate a person’s birth year, a special year in their life, or the year that they created the password.

Either way, years may not be the best thing to use in passwords.

(Cybernews, 2023)

15. 1987 Is the Second Most-Used Password with 8.4 Million Uses and Variations.

The Cybernews analysis also found that 1987 is a widely used year in passwords with 8.4 million uses and variations of it.

It’s second only to 2010.

According to the password analysis, 1991 ranked third in password usage with almost 8.3 million uses. It’s not far behind 1987.

(Cybernews, 2023)

16. In Terms of Cities, Abu Is the Most Used City-Related Word in Passwords.

Besides the common passwords like 123456, password, qwerty, and 111111, the most used city-related word used in passwords is Abu.

The Cybernews analysis discovered this and found that Abu is likely short for Abu Dhabi due to how it’s used.

(Cybernews, 2023)

17. Google/Harris Poll Found that People 50 and Older Use Different Passwords for Each Account They Have.

Among the older crowd, 50-plus to be exact, a different password for each account is used.

The 50+ crowd also feels updating their security programs is very important.

This age group is also less likely to click on links for account recovery or use password management resources.

(Google/Harris Poll 2019 2)

18. Among 16- to 24-Year-Olds, 2FA is Their Password Protection of Choice.

Among the younger crowd (16-24), 2FA is used more and they regularly update their apps.

Also, they are less likely to change their primary account password over a 12-month period and they do know what phishing is. 

(Google/Harris Poll 2019 2)

19. 59% of People in The Google/Harris Poll Survey Said They Think Their Accounts Are Safer than The Average Person’s.

It may seem a little arrogant for 59% of people in a survey to claim that their accounts are safer from online threats than other people’s accounts, but they could be right.

On the other hand, this survey discovered that 69% of people gave themselves an “A” or “B” for their online protection practices.

(Google/Harris Poll 2019 2)

20. Most People Comprehend the Significance of Recovery Information.


What does it mean? This relates to the survey and the understanding of recovery information.

In fact, 87% said they have a secondary email address they use for recovery.

Another 73% said they use their mobile device for recovery. That’s impressive.

(Google/Harris Poll 2019 2)


What Are Some of The Elements of A Strong Password?

When you go to a website to sign up for any kind of account you will find specific password requirements right off the bat.

This can include requiring symbols and alphanumeric characters.

However, that’s not all you need to do to protect your password from being hacked along with your vital data.

A strong password should:

• Include longer phrases or words that are easy for you to remember. It should be three or more words that don’t commonly go together. Example: stablemaybegrabbattery.

• Include a combination of symbols, numbers, and letters of both upper and lower case. Numbers are known to make passwords more challenging to hack, which is why most services require them. Example: stable257maybegrab#battery.

• Avoid using commonly overused words like “password” or “qwerty”.

• Avoid using information that is of public record about you, or that can easily be found. Example: your name, your birthday, your address, child’s name, etc.

• Avoid reliance upon letter or number substitutions since they are easily figured out by software and humans. Example: p@ssc0de (passcode substitution).

• Avoid reusing your passwords across multiple accounts. We can’t stress this enough. Once a hacker has one single password used on 2 or more accounts, they are going to take advantage of that.

Please don’t use the passwords we used as examples here.
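The checklist above can be turned into an automated screen. The following is an added example, not code from the article or from any tool it cites; the blocklist is constructed from the passwords the article names, and the `personal_info` and `used_elsewhere` parameters are hypothetical inputs supplied by the caller.

```python
import re

# Constructed blocklist: the common passwords and overused words the article names.
BLOCKLIST = ("123456", "password", "qwerty", "111111", "passcode")

# Look-alike substitutions undone before matching, so "p@ssc0de" reads as "passcode".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})

# A four-digit year (1900-2099) not embedded in a longer digit run.
YEAR = re.compile(r"(?<!\d)(?:19|20)\d{2}(?!\d)")


def length_tier(password):
    """Rate length against the thresholds quoted in the article (8, 12, 16)."""
    n = len(password)
    if n < 8:
        return "too short"
    if n < 12:
        return "minimum"
    if n < 16:
        return "better"
    return "truly strong"


def screen_password(password, personal_info=(), used_elsewhere=()):
    """Return the list of checklist rules the password breaks (empty = none)."""
    findings = []
    lowered = password.lower()
    deleet = lowered.translate(LEET)
    if length_tier(password) == "too short":
        findings.append("shorter than 8 characters")
    # Match the raw and the de-substituted form against every blocklisted word.
    if any(word in lowered or word in deleet for word in BLOCKLIST):
        findings.append("built on a common password")
    if YEAR.search(password):
        findings.append("contains a year")
    # personal_info: hypothetical caller-supplied strings (name, birthday, address).
    if any(item and item.lower() in lowered for item in personal_info):
        findings.append("contains personal information")
    # used_elsewhere: hypothetical list of the user's other passwords, e.g. from a vault.
    if password in used_elsewhere:
        findings.append("reused on another account")
    return findings


if __name__ == "__main__":
    for candidate in ("p@ssc0de", "qwerty", "summer2010", "orbit-velvet-canoe-thimble"):
        print(candidate, length_tier(candidate), screen_password(candidate))
```

A real deployment would use a much larger breached-password list than this five-entry sample.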

How Often Should I Change My Password?

Recommendations for how often to change your password(s) differ across professionals and security companies.

Some say at least once a month, while others say at least every 90-120 days.

Changing it every day would be inconvenient to say the least, but once a week or bi-weekly is feasible. 

However, out of all the recommendations you will find online, the most recommended is to change it no more often than once a year unless:

• You discover malware on your system
• You’ve shared your password with someone who no longer needs it
• You log into your services through a shared or public computer
• You get a notification that you have unauthorized activity on an account.
• You get a prompt to change your password.

Be aware of email phishing when you get one that wants you to click a link to go change your credentials.

Instead, go directly to the website mentioned in the email without clicking the link and change your password from there.

What’s the Best Way to Remember My Passwords?

It’s beyond hard to remember all the passwords we use these days, so what can you do to remember them all while keeping your information safe and secure?

Password managers like LastPass can be used to not only securely store your passwords, but also generate secure passwords and other helpful features.

This system has a “master password” that you must have to use it, so you can remember that one password and have access to your others.

Keep that one password to yourself and make sure it’s a strong one.

Should I Be Using 2FA?

2FA is also known as two-factor authentication.

If you truly want to do what’s necessary to protect yourself and your data, yes, you need to use 2FA or MFA (multifactor authentication). 

Options for 2FA:

• A single-use code sent to your phone or email.
• A code from an authentication app on your phone.
• Fingerprint, thumbprint, retinal scans, or facial recognition to confirm your identity.


We can see the seriousness and the state of password security from reading this article.

We need to put more thought and care into creating passwords and how we use them.

We can take away from this, that due to the wide use of curse words, we should avoid them for our passwords.

Plus, avoid anything that is easy to guess, like birthday information, spouse/partner names, or anything that can easily be seen or found online.

Hackers know this data.

Also, 2FA and MFA help protect you further, but they’re also fallible, especially if you’re using easy-to-guess passwords.

It must start somewhere, right?

We hope you have learned more about protecting your accounts and systems from these password security statistics.


• 2020 Ponemon Institute Research Report
• BSG on LinkedIn
• CNBC, 2022
• CNET, 2020
• Cybernews, 2023
• DeanDorton
• Embroker
• Google/Harris Poll 2019
• Google/Harris Poll 2019 2
• LinkedIn
• Port53
• Scientific American
• The Guardian
• University of Maryland
• USA Today
• WebsiteBuilder, 2022

Written by Jason Wise

Hello! I’m the editor at EarthWeb, with a particular interest in business and technology topics, including social media, privacy, and cryptocurrency. As an experienced editor and researcher, I have a passion for exploring the latest trends and innovations in these fields and sharing my insights with our readers. I also enjoy testing and reviewing products, and you’ll often find my reviews and recommendations on EarthWeb. With a focus on providing informative and engaging content, I am committed to ensuring that EarthWeb remains a leading source of news and analysis in the tech industry.