Bitwarden, a credential management leader, has announced the results of its fourth annual World Password Day survey, in advance of World Password Day on 2 May 2024.
Bitwarden surveyed 2,400 individuals from the UK, US, Australia, France, Germany and Japan to delve into current user password practices. The survey examines password security habits at home and in the workplace, assesses the perceived impacts of phishing and AI on online security and captures user sentiment towards passkey adoption as an emerging authentication method.
Individuals reveal risky password practices at home
The survey shows that over half (55%) of UK-based individuals are reusing passwords for at least six of their accounts, with as many as 26% of respondents reusing passwords for 11-20+ accounts at home.
Nearly half of UK respondents (43%) admit to using personal information in their credentials, seven percentage points above the global average (36%) and 65% admit this information may be publicly accessible on social media platforms or online forums (34%).
These responses reveal a significant gap between recommended security practices and actual user behaviour, highlighting how weak password habits and password reuse significantly heighten cybersecurity risks and identity theft.
Discrepancy between cybersecurity confidence and behaviours
There is a critical need for enhanced awareness and education about better cybersecurity habits at home and at work. Despite 72% of UK users claiming they feel confident in their ability to identify a phishing attack and 72% feeling prepared to identify and mitigate AI-enhanced cyberattacks, a significant number of respondents still resort to risky password management methods.
In fact, the number of individuals relying on memory or pen and paper for passwords at home is nearly identical to those using these methods at work, coming in at 63% (compared to 60% at work) and 25% (compared to 25% at work). Almost half of respondents (47%) also revealed that they very frequently or somewhat frequently access personal and work data on public networks, increasing their vulnerability.
These behaviours have clear consequences, with nearly a fifth (17%) of UK users admitting to experiencing security breaches as a result of their personal password habits, and 24% confirming their passwords have been stolen or compromised in the past.
Weak personal password habits compromise workplace security
Despite the regularity of these unsafe password practices, 61% of UK respondents say they receive regular security training focused on safeguarding login credentials against common threats, and many say that they are confident (51%) in counteracting those threats.
The survey’s findings illustrate that individual password habits at work mirror those at home. Beyond relying on memory or pen and paper to remember passwords, nearly half of UK respondents (50%) also revealed that they somewhat frequently or very frequently reuse passwords across workplace platforms or accounts.
Meanwhile, nearly a quarter (23%) classify their workplace security habits as somewhat or very risky. Though lower than the global average of respondents classifying their workplace security habits as risky (37%), UK users persist in using weak or personal info-based passwords (48%), storing work passwords insecurely (35%), not using 2FA (38%) and sharing passwords insecurely (25%).
Stronger cybersecurity habits on the rise
Despite the password security challenges, the survey reveals encouraging trends, demonstrating that users are increasingly adopting more responsible cybersecurity behaviours. Over half (56%) of UK individuals (and 51% of respondents globally) that have adopted a password manager at home report becoming more security conscious at work, and 46% say they reuse passwords less frequently. This extends beyond personal use, with 27% sharing the benefits of password management software within the workplace.
The use of password managers at work appears to be having a positive impact on respondents’ personal security practices, with 63% acknowledging increased security awareness at home, alongside reduced password re-use (32%).
Adoption of Two-Factor Authentication (2FA) is on the rise, with 85% of UK respondents using it for most personal accounts or certain important accounts, and 74% using it for most workplace accounts or only for important accounts.
The growing frequency of cyberattacks targeting employees’ credentials has not gone unnoticed either. Seventy-two percent of respondents have made some improvements or have increased safeguards to enhance security posture, showcasing a commitment to stronger cybersecurity practices across personal and professional settings.
Progress in passkey adoption
Forty-seven percent of UK survey respondents have adopted passkeys, indicating a continued shift towards passwordless authentication. However, 43% of respondents still lack a full understanding or are unsure of their security advantages, signalling a need for more education on the benefits of passkeys over traditional passwords.
Despite growing adoption, concerns about privacy and security persist. Users express apprehensions regarding data misuse (31%), monitoring uncertainties (33%), unauthorised access (33%) and secure storage doubts (29%). Transparent communication and strong security assurances are essential to address these issues, boost user confidence and promote broader acceptance of passkeys.
If organisations adopted passkeys, 61% of respondents feel their trust in their company’s security resilience would increase and 70% would be more inclined to use passkeys personally. Just under half (49%) of respondents foresee passkeys and passwords coexisting and 19% anticipate passkeys will make passwords obsolete. Regardless of individuals’ outlook on the future of passkeys, however, a majority (63%) feel the industry needs to enhance its efforts in educating the public about the benefits of passkey technology.
Methodology
The Bitwarden World Password Day survey, conducted in Spring 2024, gathered insights from 400 individuals each from the US, UK, Australia, France, Germany and Japan about current password management habits and passkey adoption sentiments at home and at work.