Protecting accounts and devices with a password is a primary method of securing data, but it presents its own problems, including how to remember all your passwords. One solution is using a password manager, a software application that generates hard-to-hack passwords, and stores them in an encrypted database protected by one master password.
However, our recent survey found that rather than using a password manager, the majority of Americans rely on many less secure methods of password management, including using the same passwords across multiple accounts. The reuse of passwords can actually lead to more data breaches — once hackers have a password for one of your accounts, they will try to use it to access others.
Survey Data: We partnered with YouGov, a recognized authority in public opinion data, to survey 1,283 Americans aged 18-55+.
Nearly 58% of Americans have experienced a data breach
Having your personal information compromised through a data breach can have a lot of negative consequences, including identity theft, various types of fraud, damage to your credit score, and more.
According to our survey, 21.1% of respondents have had a financial account breached, including banking, credit cards, and PayPal. Email hacks accounted for 19.3% of all security breaches, while 18.8% of respondents said they’ve had a social media account breached.
The 2017 Equifax data breach, which affected over 140 million Americans, was highlighted as well — 7.7% of respondents selected this data breach as a way their personal information was stolen.
Despite the prevalence of these high-stakes types of data breaches — those that contain sensitive information — people don’t seem convinced in the importance of good password habits, including using different, strong passwords for every account.
85% of people know that using the same password is risky
According to experts, one of the most dangerous password habits is reusing passwords across multiple sites and accounts. Most Americans are aware of this, although how seriously they heed these warnings depends on age, to a degree.
Our survey found that 19.4% of individuals aged 18-34 don’t believe that using the same password or a variation of the same password is risky, compared to 14% of those aged 35-54, and 14.1% of those 55 and older.
Yet, nearly 25% of people use the same password, or a variation of the same password
While the majority of people know that using the same password or a variation thereof is risky, 23.5% of survey respondents said they do it anyway. This reveals a level of cognitive dissonance when it comes to safe and smart password habits.
Given the fact that a higher number of people aged 18-34 said they don’t believe reusing passwords is risky, it’s not surprising that more people in that age group said they reuse passwords. Twenty-nine percent of 18-34 year-olds reuse passwords, compared to 24.9% of 35-54 year-olds, and 18.7% of people aged 55 and over.
Part of this may stem from the sheer number of password-protected accounts and devices we have in our lives. A recent study found that the average person has 70-80 accounts that require passwords. Considering that many programs have specific password parameters in place, it’s not surprising that people turn to a variety of tactics — many of them risky — to keep track of it all.
Nearly 40% of survey respondents said they write their passwords on paper to remember them, while 22% said they store passwords on their phone or another device. Meanwhile, 30% of respondents said they rely solely on their memory.
Despite the fact that password managers exist to help people keep track of this information, only 22.5% of Americans use a password manager app. Their usage is most common among couples who are living together; 35.4% of those who are cohabitating use a password manager, compared to 21.5% of single people.
65% of Americans do not trust password managers
A lack of trust is the most common reason why people do not use password managers, according to our survey. Thirty-four percent of respondents said they worry that their password manager could be hacked, while 30.5% said they don’t trust password manager companies with their information.
Fears of password manager hacking were more prevalent among individuals 55 and older, 37.4% of whom said they don’t use a password manager for this reason. Also among this age group, 20.1% of respondents said they don’t use a password manager because they didn’t know what a password manager is, compared to 12% of 35-54 year-olds, and 14.1% of 18-34 year-olds.
About 10% of individuals said, rather than use a password manager, they use multi-factor authentication (MFA) to protect their accounts. Multi-factor authentication requires additional steps or credentials, such as facial recognition, fingerprint, or security questions, to access an account. While MFA does provide better security than a password alone, it is still not a widely used security method.
Nearly half of Americans say they would not use a password manager
Beyond not currently using a password manager, 48.4% of individuals say that nothing could motivate them to use one in the future.
Experiencing some type of data breach, including getting an important account hacked, or experiencing identity theft or financial losses, would motivate 35.8% of people to start using a password manager.
Cost and ease of use also play a role in whether people would start using a password manager. Twenty-eight percent of respondents said they would use a password manager if it were free, while 22.6% said they would try a password manager based on shareability and importability. It should be noted that although most popular password managers cost around $3 per month, there are free options available.
However, only 7.9% of those surveyed said they would consider using a password manager if they couldn’t rely on memory alone to keep track of their passwords.