Skip to main content
HomeTopicsPassword Security

Password Security

We've curated 29 cybersecurity statistics about Password Security to help you understand how evolving threats, advanced authentication methods, and best practices are shaping the way we protect our digital identities in 2025.

Showing 1-20 of 29 results

31% of users in monitored SMB environments are exposed to compromised passwords each month.

Guardz5/27/2026
SMBIdentity

66% of Australians reuse passwords across multiple online accounts.

KnowBe45/27/2026
AustraliaAccount Security

The password '2025' appears 4.1 million times in exposed credentials.

SpyCloud5/27/2026
Password Trends

Passwords containing 'sweet', 'cookie', 'candy', 'cake', or 'pie' appear 5.7 million times in exposed credentials.

SpyCloud5/27/2026
Password Trends

Passwords containing 'chiefs' or 'kansas city chiefs' appear 5 million times in exposed credentials.

SpyCloud5/27/2026
Password Trends

Passwords containing 'apple', 'banana', 'orange', 'strawberry', or 'fruit' appear 2.6 million times in exposed credentials.

SpyCloud5/27/2026
Password Trends

The password '67' or 'sixseven' appears 140.4 million times in exposed credentials.

SpyCloud5/27/2026
Password Trends

53% of Americans use strong passwords.

McAfee5/27/2026
ConsumerUS

44% of New Yorkers use unique passwords for all of their accounts, while 56% reported reusing passwords across multiple accounts.

Commvault1/1/2026
ConsumerUS

58% of the world's top 1,000 most visited websites do not require special characters for their passwords.

NordPass11/9/2025
Websites

Only 1%, or five websites, among the top 1,000 most visited websites met all best-practice password criteria.

NordPass11/9/2025
Websites

42% of the world's top 1,000 most visited websites do not enforce any minimum password length requirements.

NordPass11/9/2025
Websites

The most commonly used keyboard walk pattern was “Qwerty,” which appeared over 1 million times in a list of compromised passwords.

Specops Software1/1/2025
CredentialsCommon passwords

Keyboard walks such as ‘qwerty’ are weak passwords used by millions of end users.

Specops Software1/1/2025
End UsersWeak passwords

After analysing 1.8 million breached administrator credentials, 40,000 admin portal accounts were found to be using ‘admin’ as a password.

Specops Software1/1/2025
Administrator AccountCredentials

Requiring an Active Directory password length of at least 13 characters would significantly reduce the risk of cloud application password reuse.

Specops Software1/1/2025
Active DirectoryCredentials

83% of compromised passwords satisfied the length and complexity requirements of regulatory password standards.

Specops Software1/1/2025
Regulatory ComplianceComplexity

88% of organisations still use passwords as their primary method of authentication.

Specops Software1/1/2025
AuthenticationCredentials

Only 12% of organisations have moved away from using passwords as their primary method of authentication.

Specops Software1/1/2025
AuthenticationOrganizations

Over 31 million of the breached passwords were over 16 characters in length.

Specops Software1/1/2025
CredentialsData breach