Over 1,000 Americans Divulge Their Password Habits [Survey]

Key Takeaways

  • One in ten respondents believed that someone could guess their password by looking through their social media accounts.
  • More than one in three respondents had tried to guess someone else’s password, and over 73% of them were successful.
  • Respondents were most likely to share video streaming, music streaming, and phone passwords.
  • People tried to guess passwords for their romantic partners, parents, and children the most. 

With 2,200 cyberattacks occurring each day – translating to nearly one every 39 seconds – passwords pose a bigger threat to the safety of online information than ever before. When protecting our accounts, there are strategies we can use to significantly reduce the chances of our private information being hacked or exposed. We surveyed 1,015 people in the U.S. to learn more about their password-making strategies and how they generally conduct themselves with regard to online safety.

How safe do respondents feel their passwords are for their various accounts? Have they ever tried to guess other people’s passwords? Do they share theirs with other people? We also break down exactly what goes into respondent passwords based on their accounts. Read on to find out more!

Safe and Sound

How easy is it to guess passwords based on what we share online?

[Infographic: how safe are your passwords]

Ten percent of respondents were worried that someone would be able to sift through their social media accounts and gain access to their passwords. Companies concerned about their password security have been making the move to eliminate passwords completely, as there does not seem to be a way to have both passwords and security. 

However, even when it came to sensitive information, such as online banking accounts, people had limited confidence in the security of their passwords. This can also be seen when looking at accounts that had been compromised, with 17.9% of respondents having experienced compromised or hacked online banking accounts. 

A Shot in the (Not So) Dark

Humans are curious by nature, which is why over a third of respondents admitted to having tried to guess someone else’s password (for whatever reason). 

[Infographic: guessing other people's passwords]

Scarily enough, nearly three-quarters of those trying to obtain access to someone else’s account were able to guess the password successfully. People were most interested in gaining access to the accounts of their romantic partners, while parents’ accounts came second on the list. When taking a closer look, those trying to guess their boss’ password were trying to get into their employer’s work email, while phones were the most common target for those guessing the password of a romantic partner. 

Our respondents targeted personal emails (which we now know are the easiest to access) more than any other account. To effectively guess their victim’s password, nearly 40% simply used information they already knew about the person, while the second most common method was to check their social media profiles. Gaining access to an email account clearly isn’t rocket science, but there are measures that can be taken to improve security. For example, consider eliminating passwords completely, in order to prevent someone being able to access your company's accounts. 

The More the Merrier

Not everyone, however, needs to guess someone else’s password. Many of us are happy to share passwords with friends and family. 

[Infographic: sharing passwords]

Maybe some people shouldn’t be too surprised about a cyberattack on their accounts, considering that, on average, people had shared three of their passwords with other people. The most popular account to share a password for was video streaming. While it may benefit friends and/or family to pay for one account and share passwords among them, it actually costs streaming services billions of dollars in lost revenue per year (although users seem to be unfazed by that).

While it makes sense, financially, to share passwords for video and music streaming services, it’s hard not to wonder what the excuse is for giving people access to more sensitive information, such as personal email and online banking accounts (which over a quarter of respondents admitted to). Ironically, the money someone could save by sharing entertainment streaming services probably wouldn’t come close to covering the losses of a potential online banking theft.

External Help

Next, we took a closer look at how people actually create their passwords.

[Infographic: what makes generic passwords]

On average, respondent passwords were 15 characters in length. Some opted to use a password generator for their accounts, especially for online banking and work-related ones. These generators are beneficial because they create strong, lengthy passwords for you at the push of a button, heavily reducing the chances of someone guessing your login information. However, hackers are still able to access accounts if they break into the database.

When breaking down the passwords respondents made up for themselves, the most common components were random letters and random characters replacing letters. Also, a lot of people opted to use personal information, like the name of their pet, birthdate/year, or a loved one’s name. To secure their work, entertainment, and financial logins, the top three strategies respondents used were to include random characters, numbers, and letters throughout their passwords. Only for their personal accounts were respondents more likely to use a password incorporating a birth year than random letters.

For personal and entertainment accounts, respondents often included their children’s names within their passwords, but omitted them from their more serious accounts (work and financial). Furthermore, financial accounts were the only kind for which respondents included a state/city name and repeated characters in their password. 

Revolutionizing Online Safety

While some respondents felt pretty secure about the passwords for their accounts, our survey showed that a lot of security issues were left to discuss. How often respondents succeeded in guessing someone’s password, and the number of people who had their accounts compromised or hacked, showed that passwords can pose a large security risk. Despite attempts to keep passwords secure by using password generators or by manually creating passwords from random letters, characters, and numbers, there is a better and safer way to help reduce risks and security breaches: going passwordless.

While there are recommended ways to fortify passwords and reduce the chances of an account break-in, what if there was a safer, more effective way to protect your information without the need for a password at all? Well, that’s where Beyond Identity comes in with phishing-resistant MFA. Their passwordless authentication solution is quick and easy to set up, provides an impenetrable defense against unwanted login attempts, and negates the need for constant password resets. Check out our revolutionary offering to see how your organization can ensure 24/7 protection for all your online accounts.

Methodology and Limitations

This study uses data from a survey of 1,015 people located in the U.S. Respondents were gathered through the Amazon Mechanical Turk survey platform where they were presented with a series of questions, including attention-check and disqualification questions. 58.5% of respondents identified as men, while 41.5% identified as women. Respondents ranged in age from 19 to 77 with an average age of 35. Millennials accounted for 26.8% of respondents, 27.5% were Gen Xers, 20.4% were baby boomers, and 25.3% were Gen Zers. Participants incorrectly answering any attention-check question had their answers disqualified. This study has a 3% margin of error on a 95% confidence interval. 

Please note that survey responses are self-reported and are subject to issues such as exaggeration, recency bias, and telescoping.

Fair Use Statement

We know we’ve touched on the danger of sharing information, but now, we’re encouraging you to send this article to your family or friends if you think they could benefit from it. We only ask that you do so for noncommercial use and to provide a link back to the original page so contributors can earn credit for their work.