55% of people rely on their memory to manage passwords

Bitwarden announced the results of its global password management survey, in advance of World Password Day on May 5th, 2022. While receptive to the importance of security, individuals continue to struggle with embracing password management habits that could better protect their data.

In the US, 31% of respondents experienced a data breach in the last 18 months, as compared to 23% globally. 81% of Americans log in to websites or apps multiple times a day, which may help explain why 67% believe it is more important a password be secure than be easy to remember (a sentiment also shared by 68% of global respondents). And, 98% of Americans state they are ‘very’ or ‘somewhat’ familiar with password security best practices.

Are those best practices being put to use? Overall, it’s a mixed bag:

• 85% of Americans reuse passwords across multiple sites, a number comparable to the rest of the globe (84%)
• 49% of U.S. respondents rely on their memory – a notoriously fickle tool – to manage passwords. On that note, 24% need to reset their passwords every day or multiple times a week
• 60% of Americans have an average password length of 9-15 characters (14 is considered a secure start point)
• Americans are still more likely (44%, up 4% from last year) to use a password manager than the rest of the globe (34%, up 3% from last year)
• Two-factor authentication (2FA) has gone global: 79% of US respondents use 2FA for workplace accounts and 77% use it for personal accounts. Globally, that number sits at 73% (work) and 78% (personal)

Despite well-documented geopolitical tumult and an increased attack surface from remote work practices, password managers in the workplace have yet to truly take off.

Only 32% of Americans are required to use a password manager at work. Globally, that number (25%) is even lower. In both cases, a majority (68% in the U.S and 64% globally) of respondents believe workplaces should provide employees with a password manager to protect credentials.

“The importance of password management best practices is getting through to people,” said Bitwarden CEO Michael Crandell. “Individuals understand they should be secure and that recognition is an important first step. But they can better protect themselves by embracing tools such as password managers that are readily available, and free. Password managers mitigate the need for an over-reliance on memory and password reuse across multiple sites.”

“Despite the documented effectiveness and low cost of password managers, workplaces surprisingly often leave employees to figure password management out themselves,” added Crandell.

“Employers should pay heed to the fact that employees want to be protected. In addition to the desire for password management software, 83% of global respondents believe employers should provide security tools and training specifically for a remote work environment. Cybersecurity risks are only increasing, so the time to make these changes is now.”

Darren Siegel, Product Specialist at Specops Software, notes that while it’s great to see more widespread adoption of longer passwords and 2FA, this report shows there is still a measurable set of users who continue to use short passwords as a single authentication factor, and password reuse if anything seems to be a growing problem.

“Attackers will always be looking for the weakest link in your security framework, so unless you are strictly enforcing long unique passwords and 2FA across all systems you still remain vulnerable to password-based attacks,” he added.