Weak passwords increase the likelihood of your accounts being hacked.
Hackers can take personal information and release it, causing embarrassment and potentially disrupting your life.
They can also collect your financial details together and drain your accounts or take out loans in your name.
That can cause you issues for several years as it takes time to resolve the issues.
You may think that the quality of your passwords is not important as hackers will go after much bigger and wealthier targets.
The truth is a hacker looks for weak passwords and then exploits the information they can access.
In short, you need to understand the weak password statistics for 2023 and what you can do to make yours stronger.
Key Weak Password Statistics
- 30% of users have experienced a data breach due to weak passwords
- An estimated 81% of data breaches are because of poor password security
- As many as two thirds of Americans use one password across several accounts
- Approximately 43% of Americans have told someone their password
- 24% of Americans use the same common passwords
- 33% of passwords contain a pet’s name
- 27% of Americans have tried to guess someone else’s password
- 12-character passwords take 62 trillion times longer to hack than a six-character one
Weak Password Statistics 2023
1. 30% of Users Have Experienced a Data Breach Due to Weak Passwords
A weak password can be easily guessed or cracked, without the need for expensive or complicated software.
In most cases a weak password can be cracked simply by using the credential stuffing method.
Perhaps the most embarrassing part is that all the respondents in this survey were IT professionals and 30% of them had suffered a data breach due to a weak password.
Another 23% of respondents were unsure if they had been the victim of a data breach.
2. An Estimated 81% of Data Breaches Are Because of Poor Password Security
The Verizon 2021 data breach investigations report demonstrates that 81% of all security breaches are a direct result of weak passwords.
Considering 85% of breaches are a result of human elements, it’s clear that the majority of data breaches are down to human error, specifically having weak passwords.
3. As Many as Two Thirds of Americans Use One Password Across Several Accounts
The majority of Americans appear to be aware that weak passwords place them at risk of being hacked.
Despite this, a 2019 Google/Harris poll which spoke to 3,419 people, found that 66% of them used the same password on more than one account.
In some cases all their accounts had the same password.
Microsoft completed an analysis in 2019 and confirmed the issue. They found that 44 billion accounts used the same password on more than one account!
But that’s not all.
The Google/Harris poll confirmed just 37% of people use two-factor authentication and only 15% of people use a password manager.
Alongside this, just 34% of people change passwords regularly and an impressive 36% of people recorded their passwords and password changes on paper.
In short, the majority of people have weak passwords and poor security measures.
(Google, Harris Poll)
4. Approximately 43% of Americans Have Told Someone Their Password
The Harris poll discovered that nearly half of all Americans (43%) have shared their password with someone.
In many cases, (57%) the sharing was with a partner.
That can seem innocent enough, except that 11% of these people didn’t change the password after they broke up with their partner.
Interestingly, 10% of those surveyed still know the password shared with them by a former roommate, colleague, or even an ex-partner.
(The Harris Poll)
5. 24% of Americans Use the Same Common Passwords
A Google survey illuminated the fact that 24% of Americans use a common password. That’s one that is easy to remember and easy to crack.
They are used by millions of Americans, if you’re one of them you need to change your password immediately.
The ease of cracking these passwords is illustrated by Google’s survey, showing that 17% of people trying to guess a password have guessed correctly.
The most common passwords are:
(Google & NordPass)
6. 33% of Passwords Contain a Pet’s Name
It’s frustrating trying to remember dozens of different passwords, that’s why people use the same one and why they choose ones that are easy to remember.
Staggeringly, 33% of people choose passwords based on their pet’s name.
It’s easy to remember but, with a little help from social media, also very easy to crack.
7. 27% of Americans Have Tried to Guess Someone Else’s Password
The survey doesn’t look at the reasons why people tried to guess passwords.
But it does show that over a quarter of Americans, 27% of the country, have tried to guess someone’s password.
8. 12-Character Passwords Take 62 Trillion Times Longer to Hack than A Six-Character One
Cyber security experts will tell you the length of a password is important. The longer it is the better.
The simple truth is that adding just one character increases the number of combinations and makes it harder to crack.
For example, a six-character password using upper and lowercase letters alongside digits, will have 57 billion possible combinations.
That’s 57 billion versions of the password a brute force attack may have to try.
Add an extra character and it instantly increases the number of combinations.
Double the characters and the list of possible solutions will more than double.
Put simply, it would take 62 trillion times longer to hack.
In time terms, a six-character password can be hacked in approximately 16 seconds.
A 12-character password will take roughly 854 years.
What Makes A Weak Password?
Several factors make a password weak. The most obvious is one that is easy to guess.
In essence, this means one of the passwords on the most common password list.
Surprisingly Password and 123456 are still incredibly popular, despite most people guessing the password on the first or second attempt.
It’s not just using a common password that makes your password weak, the shorter it is the easier it is to crack and, therefore, the weaker it is.
Other factors that make your password weak are when you use personal information.
For example, most modern passwords need to include a number. When you choose your house number or your year of birth, you’re making it easy for someone to guess.
Don’t forget, your year of birth can be worked out from social media postings and your IP address gives away your physical address.
In other words, short passwords and those based on personal information are the weakest options.
Of course, while a complex and long password is definitely stronger and safer, it can still be considered weak if it is used on multiple accounts.
After all, it may be complicated to crack it but, once it has been cracked, the hackers will have access to all your accounts.
Any password with less than eight characters is considered a weak one.
Equally, using sequential numbers or following a pattern of letters on the keyboard, such as ‘qwerty’ makes it weaker.
If you have a weak password you need to change it immediately. If the password is stronger it still needs to be changed regularly.
How To Create Strong Passwords
The most obvious way to create strong passwords is to avoid the above mistakes.
That means choosing longer passwords, ideally at least 12 characters.
You should also use random letters, numbers, and special characters. They don’t need to spell a word or follow a recognizable pattern.
Of course, you should avoid using any words or numbers that you’re connected to personally, such as a loved one’s name, a pet, or perhaps your high school.
Alongside this, a strong password is one that is changed frequently.
Ideally you should change your passwords once a month. This can make it complicated to stay on top of your latest password.
That’s why the best approach to passwords is to use a password generator. These give you completely random passwords.
All you have to do is tell them the minimum length of the password and whether it needs to include numbers and special characters.
The management part of the tool will encrypt the passwords and store them for you, allowing you to access them whenever you need to.
Most people would prefer an alternative to passwords. This is starting to happen as face recognition and fingerprints become more commonplace.
However, at the moment passwords are still an essential part of your online security.
The best way to strengthen a strong password is to add additional authentication, commonly known as two-factor identification.
This is when a code needs to be sent to your phone before a transaction can be completed.
Doing this makes it very hard for a hacker to get into your account, even if they work out your password. Using two-factor identification doesn’t mean it’s okay to use a weak password.
If I Have a Long Password Will It Automatically Be Stronger?
The password will be stronger provided it is a random combination of letters and numbers.
However, it can still be hacked, especially if your password is leaked during a database breach.
You should have a long password, ideally at least 12 characters. But you should also change it regularly and straight away if you hear of a database breach.
Why Is a Weak Password Bad?
If you have a weak password for a social media account then you may wonder why it’s so bad. The problem is that weak passwords are easy to crack and they give the hacker access to your account.
If you pause and look at your account details you’ll realize that a hacker can see your name, address, date of birth, and other personal details.
It’s enough to get credit in your name, leaving you with a loan you didn’t take out and a lot of hassle trying to resolve the issuer and repair your credit rating.
How Often Should I Change My Password?
You can’t change a password too often. However, experts recommend you change it once a month.
Of course, if you become aware of a database breach that may include your password you should change it immediately.
The simple answer is no. If you don’t share your passwords then it’s harder for anyone else to hack your account.
In reality, many people share passwords with partners. This is generally acceptable if you trust them.
However, should you separate, make sure all passwords are changed.
No matter how amicable the breakup, it’s better that an ex doesn’t know your passwords.
We are living in a digital age, even cash is slowly disappearing as people move to contactless cards and paying via phone apps.
Even home appliances can be controlled from anywhere in the world.
Yet, despite the apparent comfort with technology, passwords remain a sticking point.
Most people know they need to be strong and changed regularly, but still use weak passwords.
It’s easier to remember, practical when you need to access an account, and makes your personal information more vulnerable.
That applies to individuals and businesses.
Don’t wait until your passwords are cracked and your account details are stolen. Pay attention to the weak password statistics for 2023 and change your passwords today.