Passwords are an essential part of our modern lives. The abundance of digital services that require passwords means we must follow an impossible set of password rules to stay safe. Well, the death of the password was predicted many years ago. It was assumed that alternative authentication methods would be implemented to control access to IT infrastructure, data, and digital platforms. But since then, password use has only increased. Given that, we collected 38 password security statistics you need to be aware of in 2022.

38 password security statistics you should be aware of

1. 53% of respondents reported that their organizations had suffered data breaches directly related to mismanaged employee usernames and passwords.

2. 70% of respondents said they expected remote work to drive the cost of a breach higher. The study also revealed that compromised usernames and passwords resulted in the most expensive breaches.

3. In March 2020, 73% of organizations provided their employees with extra training on how to be “cyber-safe” while working from distance, with specific training focusing on password and credential verification.

4. 72% of IT experts said that passwords are the most common authentication factor used as part of MFA strategies at their companies.

5. Nearly nine in ten or 87% of respondents stated that passwordless authentication is “critical” or “very important” to a zero-trust strategy. Only 1% said it was “not very important,” and no one said passwordless authentication was “not at all important” for a zero-trust strategy.

6. Despite growing concerns about the security of their personal information, 49% of individuals are enhancing the security of their accounts and adding an additional layer of protection beyond a username and password. 56% are only willing to follow a new security practice or technology if it is easy to use and tremendously increases account security. Interestingly, 45% said that they don’t want to spend a significant amount of time protecting their accounts because it is only a matter of time until they get hacked.

7. 20% of IT security respondents and 35% of Individuals suffered an account takeover or hacking of their personal account. Of these, 76% of individuals and 65% of IT practitioners did change their passwords.

8. US-based IT leaders regarded passwordless authentication as “critical” for zero trust at the highest rate, with 40% of respondents.

9. When asked how they changed the way they manage passwords or protect their accounts, 52% said they change their passwords more frequently, 36% said they use unique passwords for as many accounts as possible, and 35% stated they added two-factor or multi-factor authentication where possible.

10. According to 49% of respondents, the reduced security risk is the most appealing potential advantage of a passwordless employee authentication solution. 39% voted for increased user experience. For 35% of respondents, a reduced burden on IT resources and staff is the most important benefit of passwordless employee authentication.

11. For organizations with a passwordless solution in place, remote employees (86%) are the predominant user population, followed by onsite employees (73%), suggesting that most organizations employ a significant hybrid workforce.

12. 50% of IT security professionals stated that their passwords are reused across personal accounts.

13. When asked what type of two-factor authentication individual users use for their personal accounts, 32% voted for mobile authentication apps and 27% stated they receive SMS codes on their phones.

14. 53% of respondents said they secure email accounts with two-factor (or multi-factor) authentication, 47% secure their social media accounts, and 43% use MFA to secure their banking and financial information.

15. The most-cited benefit for Multifactor Authentication (MFA) used in the enterprise is increased security for employees working from home, with about 74% of IT leaders naming this benefit.

16. Respondents asked what steps their organizations take to enhance corporate security: 44% said their companies require periodic password changes, 61% said their companies prohibit employees from reusing the same password on internal systems, and 24% said they assign randomly chosen passwords. On top of these, 36% said their organizations provide an alternative to keyboard entry such as voice recognition and biometrics.

17. An enhanced ability to meet compliance obligations (reported by 66% of respondents), cost savings (53%), and a decline in credential-related breaches (52%) also received higher marks as perceived advantages of MFA.

18. After passwords and security questions, one-time password (OTP) emerged as the third-most-popular authentication method, used by 65% of survey respondents.

19. According to a 2020 study, 8 out of 10 people found password management difficult.

20. Survey respondents cited numerous challenges to implementing passwordless authentication, chief among the integration issues due to technological complexity, reported by 41% of respondents. Respondents in the US cited integration issues at the highest rate (53%), followed by those in the APEC region (39%). Not quite a third (30%) of respondents in the UK cited this issue.

21. 33% of IT departments have already adopted passwordless authentication, with the APAC region reporting the highest adoption rate, at 41%.

22. Most organizations plan to adopt passwordless authentication for both employees and customers. 68% of IT security respondents say their organizations have passwordless authentication for employees and 64% say they will have it for customers’ accounts.

23. When asked, in what time frame, organizations plan to adopt a passwordless authentication solution for employees, 36% said they plan within 12 months, 25% said they plan within 2 years, and 3% said they are researching available options to be implemented.

24. 96% of respondents stated that the reason passwordless MFA was important to them was because it helped them stop credential theft and phishing. 21% stated that it allowed them to achieve digital transformation.

25. When asked about challenges in deploying conventional multi-factor authentication solutions, 49% named poor user experience. This was closely followed by difficulty to integrate with current systems (48%).

26. 24% of security professionals said their organization has faced a brute-force attack, including password spraying or credential stuffing, in the last 2 years.

27. Regulatory factors are also a strong driver of passwordless adoption, with 40% citing compliance as a priority.

28. IT security respondents were asked to rate the effectiveness of their organizations’ ability to protect its information assets on employees’ mobile phones on a scale of 1 = low effectiveness to 10 = high effectiveness. Only 27% of respondents say the steps they take are highly effective.

29. 90% of respondents experienced phishing attacks against their organization in 2021, and 29% saw credential stuffing in 2020.

30. 61% of respondents revealed that their organization’s “passwordless” MFA solution requires a shared secret, like a one-time password (OTP) or SMS code.

31. For organizations with a passwordless solution in place, internal users are the dominant user population, with remote employees (86%) and onsite employees (73%) leading, followed by external contractors and partners (43%).

32. There is a serious gap between IT security respondents and individuals who say their organization has a password policy for employees. 67% of IT expert respondents and 55% of individuals said their companies have a password policy. Nevertheless, only 41% of IT security respondents and 35% of individuals say the password policy is strictly enforced.

33. Nearly 50% of IT security respondents say they frequently could not access information critical for work because they didn’t have access to their phones to either receive a code for verification or use an authenticator.

34. As a consequence of not being able to access critical information because of a forgotten password, 55% of respondents would prefer a method of protecting their personal or business accounts without having to remember their passwords.

35. 59% of respondents said that their organizations simply rely on human memory to manage and protect their passwords. 41% said they use sticky notes, 37% stated they use browser extensions that autofill passwords or remember users’ passwords, and only 28% said they use password management applications.

36. When asked what factors organizations prioritize while selecting a passwordless solution, 76% of respondents said “ease of integration” as a key factor. 30% of respondents confirmed that a passwordless MFA solution should have the ability to integrate with fraud and risk engines.

37. Biometrics are believed to increase the security of authentication processes. 65% of IT security respondents believe that biometrics would reduce the risk of workplace accounts being compromised.

38. 55% of IT security respondents protect corporate servers with two-factor authentication whereas 46% protect corpora email accounts.