New research shows that many of us are collectively getting better at our password practices, but we’re still far from perfect.
A report published by popular password manager Dashlane anonymously analyzed data from millions of users around the world and came to some bittersweet conclusions.
Despite the global improvement in password hygiene, the average password health score was still within Dashlane’s “needs improvement” category. The report also highlighted the worrying number of reused and compromised passwords, and called for greater adoption of passkeys, the new passwordless technology.
Needs improvement
The Global Password Health Score Report found that the average password health score for this year was between 70.9 and 78.2, with the former figure representing North America and the latter Eastern Europe.
Each region in the analysis improved its score by an average of two points compared to last year’s report. However, this range still falls short of Dashlane’s ideal score of 90 and above.
Additionally, 44% of passwords around the world are reused, making users vulnerable to password spraying attacks, where threat actors try a single stolen password against multiple accounts to see if they get lucky.
In the North American region, 17% of passwords have also been compromised, which, while down 2% from last year, is still a concern for Dashlane, as the average user has more than 200 online accounts protected by a password. North America also led the world in the number of compromised and weak passwords.
Dashlane believes in the importance of good password health, citing a Verizon report showing that 80% of hacking breaches are due to weak, stolen, or reused passwords. Additionally, the cost of breaches to businesses has risen to $4.45 million for organizations worldwide over the past three years.
One of the company’s recommendations is that users start using passkeys more often. Passkeys replace passwords with a pair of cryptographic keys whose private part is not known to anyone – not even the user. This makes them phishing-resistant.
Dashlane and other popular password managers are gradually starting to support passkeys, giving users an alternative place to create and store them and allowing them to be used across platforms. Passkeys stored in the proprietary managers of tech giants like Apple, Google, and Microsoft can only be used within their respective ecosystems.