World Password Day: Study shows enthusiasm for passwordless
To mark World Password Day on May 4, Bitwarden has announced the results of its third annual global password management survey.
The survey probes ongoing user password habits such as continued password reuse, ever-present cybersecurity risks, and growing interest in passwordless authentication.
Research looks into users' password habits
Despite the increase in cyberattacks, the research shows that people are still putting their security at risk with 85% of global respondents reusing passwords across multiple sites. Over half (52%) of global respondents said they use easily identifiable information in their passwords, such as company/brand names, well-known song lyrics, pet names, and names of children, partners, or other loved ones.
Almost two-thirds (58%) of respondents said they rely on their memories to manage passwords for websites, apps, and services at home or at work - up from 55% last year, yet 51% have to regularly reset their passwords because they can’t remember them. Meanwhile, 77% use passwords that are at least nine characters long; and 58% use two-factor authentication (2FA) for work accounts and 66% for personal accounts.
The survey also points to some significant vulnerabilities:
- A fifth (20%) of global respondents report being affected by a data breach in the past 18 months; while data breaches may not be preventable, they tend to have a ripple effect for those that reuse their passwords
- Almost three-fourths (73%) of global respondents manage passwords for 10 or more sites - a number that has particular resonance when considering the percentage of people who rely on memory to manage passwords
- Around a fifth (19%) globally have used a password that included the word “password” or a variant spelling of the word
- Nearly all (91%) respondents are concerned about cybersecurity threats
- Globally, 26% have been reusing the same password for more than a decade
Beyond passwords: users excited about passwordless technology
The survey explored sentiments around passwordless technology such as biometrics, passkeys, and security keys. A majority (56%) of respondents reported being ‘excited’ about passwordless technology. Of respondents using passwordless authentication, 50% are or would consider using biometrics such as facial recognition, fingerprint, and voice to represent ‘something you are’ and 20% would prefer a PIN, name, or word for ‘something you know’.
Global respondents who said they were not excited about passwordless authentication cited a few qualms: 57% prefer to use their memory over their fingerprint or face and 38% were worried about their fingerprint or face ID being used against them. The first finding further illustrates the propensity of users to rely on their memories to manage their passwords, a strategy that comes at a cost with users resorting to weaker, more memorable passwords.
Sharing passwords still popular
The results also looked at habits when it comes to sharing passwords for digital apps and streaming. In spite of news around Netflix’s plans to crack down on password sharing this year, 36% of global respondents still share passwords for TV streaming services.
That’s higher than global respondents who share passwords for social media apps (24%), banking apps (21%) and music streaming apps (21%).
Similar to prior surveys, the 2023 survey probed password managers in the workplace. Last year, 25% of global respondents said they were required to use a password manager at work. This year tracked similarly, with 23% reporting workplace usage. And of those required to use password managers, 88% reported their employer provided the software.
“This year’s survey delivered encouraging results around passwordless technology and 2FA,” said Bitwarden CEO Michael Crandell. “Other results show room for upside. While over half of respondents use password managers, there is clearly still major room for growth in adoption. Password managers mitigate the need for password reuse and trying to rely on fickle and fleeting memory.
“Equipping users with the tools they need to use strong and unique passwords for sites that require passwords – and passwordless authentication for those that support it – means they are much less likely to suffer the pain of a data breach.”
To view the full report, visit https://bitwarden.com/resources/world-password-day/.
- Flexential: Momentum Report Highlights Hybrid IT InnovationCloud & Cybersecurity
- Dell Technologies: Firms Expect AI to Transform IndustriesAI & Machine Learning
- Coca-Cola & Microsoft Partner to Accelerate Cloud and Gen AICloud & Cybersecurity
- Microsoft, AWS & Oracle: Why Big Tech is Investing in JapanDigital Transformation