Most people still rely on memory or pen and paper for password management

Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices.

The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse significantly heighten cybersecurity risks and identity theft.

Discrepancy between cybersecurity confidence and behaviors

There is a critical need for enhanced awareness and education about better cybersecurity habits at home and work. Despite 60% of users claiming they feel confident in identifying a phishing attack and 68% feeling prepared to identify and mitigate AI-enhanced cyberattacks, many respondents still resort to risky password management methods. 54% of individuals rely on memory and 33% use pen and paper to manage their passwords at home. In comparison, 41% said they very frequently or somewhat frequently access personal and work data on public networks, increasing their vulnerability.

This might explain the persistence of personal security breaches. Nineteen percent of global users admitted to having experienced a security breach or data loss due to their password habits, and 23% confirmed their passwords had been stolen or compromised in the past. This underscores the cognitive dissonance between users’ security postures and their actual practices.

Interestingly, the survey indicates a higher incidence rate in the US, with 23% of US respondents admitting to experiencing security breaches and 26% confirming their passwords have been stolen or compromised.

Weak user password practices

The survey’s findings illustrate that individual password habits at work mirror those at home. Most respondents admit to relying on memory (53%) and pen and paper (34%) for their workplace accounts. Just under half (48%) reveal that they somewhat frequently or very frequently reuse passwords across workplace platforms or accounts.

The positive impact of regular security training focused on safeguarding login credentials against common threats is clear, with almost all (94%) of those who report receiving this training (48% of global respondents) saying they are confident in counteracting those threats. Their behavior, however, paints a different picture, with more than a third of respondents (37%) classifying their workplace security habits as somewhat or very risky.

Global users persist in using weak or personal info-based passwords (39%), storing work passwords insecurely (35%), not using 2FA (33%), and sharing passwords insecurely (32%).

Stronger cybersecurity habits on the rise

Despite the password security challenges, the survey reveals encouraging trends, demonstrating that users are increasingly adopting more responsible cybersecurity behaviors. 51% of respondents globally who have adopted a password manager at home report becoming more security conscious at work, and 45% say they reuse passwords less frequently. This extends beyond personal use, with 28% sharing the benefits of password management software within the workplace.

Likewise, the positive influence of using password managers at work is evident in respondents’ personal lives, with 52% acknowledging increased security awareness at home, alongside a reduced frequency of password reuse (41%).

Adoption of two-factor authentication (2FA) is on the rise, with 80% of global respondents using it for most personal accounts or certain important accounts, and 66% using it for most workplace accounts or only for important accounts.

Globally, there is good awareness of its importance as a secondary security layer, with 57% of all respondents using 2FA to enhance their security posture as a result of an increase in phishing attacks. The growing frequency of cyberattacks targeting employees’ credentials has not gone unnoticed either. Sixty-five percent of respondents have made some improvements or have increased safeguards to enhance security posture, showcasing a commitment to stronger cybersecurity practices across personal and professional settings.

Progress in passkey adoption

Despite only forty-five percent of global survey respondents having adopted passkeys, more than half (52%) feel they have a good understanding of their security advantages, signaling a greater shift towards passwordless is on the horizon. Despite growing adoption, concerns about privacy and security persist.

Users are equally apprehensive about data misuse (31%), monitoring uncertainties (31%), unauthorized access (31%), whilst a further 29% also have doubts about secure storage. Transparent communication and strong security assurances are essential to address these issues, boost user confidence, and promote broader acceptance of passkeys.

If organizations adopted passkeys, 62% of respondents feel their trust in their company’s security resilience would increase, and 66% would be more inclined to use passkeys personally if their workplace implemented them. Fifty-one percent of respondents foresee passkeys and passwords coexisting whilst only 17% anticipate passkeys will make passwords obsolete. Regardless of individuals’ outlook on the future of passkeys, almost half (44%) feel the industry needs to enhance its efforts in educating the public about the benefits of passkey technology.