Password Security
We've curated 21 cybersecurity statistics about Password Security to help you understand how evolving threats, advanced authentication methods, and best practices are shaping the way we protect our digital identities in 2025.
Top Vendors
Showing 1-20 of 21 results
44% of New Yorkers use unique passwords for all of their accounts, while 56% reported reusing passwords across multiple accounts.
42% of the world's top 1,000 most visited websites do not enforce any minimum password length requirements.
Only 1%, or five websites, among the top 1,000 most visited websites met all best-practice password criteria.
58% of the world's top 1,000 most visited websites do not require special characters for their passwords.
Keyboard walks such as ‘qwerty’ are weak passwords used by millions of end users.
Over 31 million of the breached passwords were over 16 characters in length.
123456 was the most common compromised password found in a new list of breached cloud application credentials.
31.1 million breached passwords were over 16 characters in length.
The most commonly used keyboard walk pattern was “Qwerty,” which appeared over 1 million times in a list of compromised passwords.
Simple passwords like Pass@123 and P@ssw0rd, which meet basic Active Directory requirements, are frequently used, increasing the risk of password reuse.
Only 12% of organisations have moved away from using passwords as their primary method of authentication.
45% of organisations who only check for compromised passwords during expiry or reset events average only two checks for compromised passwords per year.
Organisations using SaaS apps have an average of 47,750 passwords to manage.
Only 50% of organisations scan for compromised passwords more than once a month.
The most common base terms used in breached passwords were “password”, “admin”, and “welcome”.
53% of people admit to using the same password across multiple accounts.
The most common length for compromised passwords was 8 characters (212.5 million total).
After analysing 1.8 million breached administrator credentials, 40,000 admin portal accounts were found to be using ‘admin’ as a password.
88% of organisations still use passwords as their primary method of authentication.
83% of compromised passwords satisfied the length and complexity requirements of regulatory password standards.