Password Faux Pas

Beyond Identity Blog | Monday, May 10, 2021

Key Takeaways

  • Over a third of people would be embarrassed to say one of their passwords aloud.
  • 50% of people rely on their memory to recall their passwords, while 1 in 3 keep track with a pen and paper.
  • 1 in 10 people have been using the same password since middle or high school.

Passwords are a part of our day-to-day life – from checking your email to logging in to a work computer or checking your bank account. So why is it that we don’t take them more seriously?

In a 2020 report, more than 1,100 data breaches impacted just over 300 million individuals. Of these breaches, 21% exposed emails or passwords. This means that for millions of people, the key to the most intimate details of their life was exposed, making them vulnerable to a myriad of complications including identity theft and fraud. This inspired us to explore people’s habits regarding password security in more detail.

To find out more about how people create their passwords, store them, use them, and change them, we surveyed 1,030 Americans. Keep reading to see what people are or aren’t doing to keep their personal life secured and how their best (and worst) practices have impacted them.

Password Preferences

In February 2021, the largest ever compilation of data breaches was leaked online and it exposed nearly 3.2 billion unique email and password combinations. To put this in perspective, the entire global population is approximately 7.9 billion. With so many people affected by this breach, it’s likely some of our respondents aren’t even aware that their passwords have been compromised.

Personal password practices

Only 26% of our respondents were able to say that they have never had their password knowingly breached. When it comes to reusing passwords across multiple sites, which makes your information even more vulnerable, Gen Zers and millennials were the biggest culprits, with more than half of these generations reporting that they were at least somewhat likely to reuse their passwords. Baby boomers and older generations were the most responsible across the ages, with over a quarter of respondents reporting that they were not at all likely to reuse a password.  

As if reusing passwords across accounts wasn’t risky enough, many people also reported being comfortable sharing these life keys with other people, such as their spouse (68%), significant other (57%), and even parents (43%). Sharing passwords, despite increasing ease of access, adds to the risk of exposing your most personal information. 

Password Tracking and Creation

Remembering passwords can be difficult, which is probably why more than 46% of our respondents were very or extremely likely to reuse a password across multiple platforms. While this is a risky practice, how you choose to remember your passwords can be just as risky. 

how people keep track of passwords

The majority of respondents said they commit their passwords to memory, and another 40% said they use a password manager app. What’s startling is that more than 20% of people are writing out their passwords on paper, in computer documents, and through phone notes. But when it comes to a password breach, where you store your password isn’t going to save you. These types of compromises are usually by breaching institutional-level databases where records are stored.

But every now and then when you forget your password or a site prompts you to update your safe code, you have to create a new one. The majority of baby boomer and Gen Z respondents reported relying on randomly generating their own passwords, whereas Gen Xers and millennials seemed to rely on both randomly generating it themselves and using a personal system for creating new codes.

Playful Passcodes

With so many people committing codes to memory, it makes sense that most choose something that means something to them and is easy to remember. It could be a loved one’s name, a pet’s name, or a favorite travel destination. Or it might be something just plain funny – or embarrassing. 

embarrassing passwords

In fact, 38% of respondents said they’d be embarrassed to say their passwords aloud. Millennials and Gen Zers were most guilty of this, with 42% of both generations admitting to being embarrassed about voicing their passwords.

Most of our respondents said their oldest password had been in rotation for two years or less, but roughly 34% of respondents said their passwords had been in use anywhere from 6 to 20 years; with 1 in 10 respondents having used at least one password since middle or high school. 

Changing the Lock

So if there isn’t a consensus on how frequently you need to change your password, what should you do? 

security practices by generation

The majority of our respondents said they do change passwords at least every year. While most of our respondents – regardless of generation – admitted that their password security for personal accounts and professional accounts were about the same, more than a third of each generation said that their professional accounts were slightly or much more secure than their personal ones. 

In terms of social media accounts, 41% of respondents said Facebook was their most secure social media password, perhaps because many people use Facebook to log in across multiple sites and apps. Likely because of its wide use, Facebook was also most likely to be listed as having the least secure password. Gen Z was the only generation not likely to rate Facebook as having their most secure password; Instagram, instead, was highlighted as their most secure.

least and most secure social media passwords

Signing Out

While passwords are integrated into every part of our personal and professional lives, a lot of people are still experiencing breaches and hacks, exposing their most confidential and valuable information. Passwords are an outdated method used to protect your information and there are new and better ways to choose from, like Beyond Identity. 

Considering only 26% of respondents have never knowingly experienced a password breach, it’s time to think differently about how we secure our information. At Beyond Identity, we want to empower you to protect your digital identity seamlessly. No need to jump through hoops or pick up multiple devices just to feel like your information is safe. We allow people and businesses to secure their information through our omnichannel authentication platform without the use of any passwords, codes, or second devices. Retire your password and see how Beyond Identity can help keep you, your business, and your customers safe.

Methodology and Limitations

We collected 1,030 responses from the Amazon Mechanical Turk survey platform. Fifty-four percent of our participants were men, and 46% were women. Participants ranged in age from 19 to 88 with a mean of 39 and a standard deviation of 12.5. The generational breakdown of our respondents was 12% baby boomers or older, 25% Generation X, 58% millennials, and 5% Generation Z. For a 90% confidence level, the margin of error for each was 7%, 5%, 3%, and 11%, respectively. It is possible that with more Generation Z participants, we could have gained more insight into this age group.

The data we are presenting rely on self-report. There are many issues with self-reported data. These issues include, but are not limited to, the following: selective memory, telescoping, attribution, and exaggeration.

Fair Use Statement

Know someone who could be educated on password best practices? Feel free to share this study with them as long as it’s for noncommercial use. Don’t forget to link back to the full study when you share so that people can read more about the data and our methodology.