In a world where nearly every digital interaction demands a password, keeping track of logins has become a modern headache. From banking apps to streaming services, users juggle a labyrinth of credentials -- often at the expense of security. A new survey by All About Cookies, which polled 1,000 U.S. adults, reveals that while some progress has been made, the vast majority of internet users are still engaging in risky password behaviors that leave them vulnerable to cyber threats.
A Persistent Password Problem
Despite years of warnings from cybersecurity experts, 84% of internet users admit to unsafe password habits, such as incorporating personal information like birthdays, pet names, or favorite numbers into their passwords.
One of the most glaring vulnerabilities? Password reuse. Although the number of people who recycle passwords has declined compared to last year, half of users (50%) still admit to using the same password across multiple accounts. That’s an improvement from the 65% reported a year ago, but it remains a major concern.
“Reusing passwords is like using the same key for every lock in your life. If one gets stolen, it can unlock everything,” says James Calderon, a cybersecurity expert at DataShield Solutions. “Hackers take advantage of this through credential stuffing attacks, where they use stolen passwords from one breach to access multiple accounts.”
A Modest Improvement in Password Diversity
The survey also found that the average person now manages 16.5 unique passwords -- a noticeable increase from last year’s 12-password average. Additionally, the percentage of users with five or fewer unique passwords dropped from 52% to 31%, signaling a shift toward stronger security practices.
However, a key challenge remains: remembering those passwords. Cybersecurity best practices discourage storing passwords in easily accessible locations, yet 40% of respondents admit to writing their credentials down on paper or sticky notes. Another 38% rely on memory alone -- a risky approach when passwords should be complex and frequently updated.
The Sharing Dilemma: Convenience vs. Security
Password sharing remains a widespread issue, with 59% of respondents admitting to sharing at least one account login with another person. Streaming services are the most commonly shared, with 41% of users giving out their credentials. More concerning, however, is the fact that 23% of respondents share passwords for devices like phones, tablets, and computers, and 15% share email passwords -- leaving their personal communications exposed to potential breaches.
“People don’t always think about the long-term risks of sharing passwords,” warns Rachel Lim, a digital security analyst. “If you share a Netflix password, that’s one thing. But when you’re giving out your email or device passwords, you’re opening the door to account takeovers and identity theft.”
How to Fix the Problem
Given the persistent risks, experts recommend a few simple steps to improve password security:
Use a password manager: These tools generate and store complex passwords securely, removing the burden of memorization.
Enable multi-factor authentication (MFA): Even if a password is compromised, MFA adds an extra layer of security by requiring a second verification step.
Avoid personal information in passwords: Opt for random words, numbers, and special characters instead of birthdays or pet names.
Regularly update passwords: Change passwords periodically, especially after a data breach or security alert.
The Future of Passwords
The findings suggest that while password habits are improving, they’re still far from ideal. With cyberattacks becoming more sophisticated, the reliance on traditional passwords may soon give way to more advanced authentication methods like biometrics and passkeys. Until then, the best defense is user vigilance and adherence to security best practices.
“Password security isn’t just about protecting one account -- it’s about protecting your entire digital identity,” Calderon emphasizes. “The more people take this seriously, the safer we all become.”