Skip to main content

It’s not just you. Everyone is bad at password management, study reveals

Does this sound familiar to you: You have the same primary password you use for a majority of your logins, and switch it up with a few numbers and symbols for more case-sensitive websites. According to a new study, most of us have the same password habits, and they are bad habits that we need to kick. 

“People have been told to make longer and more complicated passwords by adding a symbol, adding an emoji … it just gets worse and worse,” HYPR CEO George Avetisov told Digital Trends. 

Recommended Videos

HYPR, a cybersecurity provider, released a new study on Tuesday on the current state of passwords and how people manage them. The two-and-a-half-year study looked at over 500 respondents from the United States and Canada about how they manage their passwords. 

The research shows a variety of password data, like how over 40% of people rely only on their memory to remember their passwords. However, 78% of the study’s respondents had to reset their password in the last 90 days because they forgot it. 

A staggering 72% of individuals reuse passwords in their personal life, which experts say is bad “password hygiene.”

“We should strive for 100% of people not to reuse passwords, and what you see here are some pretty high stats as being reused,” Avetisov said. 

He said that on the bright side, people are more cautious about their passwords for their work. The study shows that when prompted to make a new password at work, 51% of people use a completely new password, compared to 28% for personal use. 

“My advice is to never use any personal passwords for work,” Avetisov said. “If you separate your personal and your work passwords, you’ve already done your company and yourself a huge benefit.” 

So how can we clean up our act? Avetisov said that that responsibility shouldn’t fall on us, but should instead on the companies and online services that require passwords. He said a simple solution to our password habits would be for companies to implement password-less multifactor authentication. 

Using things like your phone (touch ID) or your biometric data (facial recognition) would be more secure than a password, according to Avetisov. It could prove to be more reliable than a password, but facial recognition software is still thought to be controversial by many. 

“Folks who are against facial recognition have a reason to be and have a right in doing so, but there are different flavors of it,” he said. 

Avetisov said the biometric data on an iPhone never leaves that device, so by companies using that technology to their advantage when asking users to log in would beneficial and more secure for all. 

Of course, for now, a majority of the sites we use require a manual password for us to log in. For that, Avetisov said to use a password manager to help you remember all of your different passwords. 

Allison Matyus
Former Digital Trends Contributor
Allison Matyus is a general news reporter at Digital Trends. She covers any and all tech news, including issues around social…
Nvidia’s RTX 5090 is just as insane as you think — it’s $2,000 and twice as fast as the RTX 4090
A range of Nvidia RTX 50-series graphics cards.

Part of me thought the rumors about Nvidia's RTX 50-series GPUs were wrong. But the RTX 5090 is just as insane as everyone said it would be. Nvidia CEO Jensen Huang took to the stage at CES 2025 to officially kick off the show, announcing the RTX 5090, which clocks in at a staggering $2,000.

The monstrous graphics card has been the topic of rumors and speculation for well over a year. The entire range of Blackwell GPUs seemed to slipped out of a release late last year, as rumors up to that point had suggested. The RTX 5090 marks a $400 increase over the RTX 4090 we saw in the previous generation.

Read more
MSI just embarrassed everyone with its new $80 keyboard
The MSI Forge GK600 keyboard.

"Let's move onto the peripherals." It's a sentence I always dread hearing during a CES booth tour, especially among mainstream brands like MSI. I know I'm in for a slew of keyboards that don't come close to the best gaming keyboards, and they usually come at an ungodly price. But MSI left me gobsmacked at CES 2025 with its new $80 mechanical keyboard.

It's called the Forge GK600 TKL Wireless, and it puts just about every gaming keyboard I've seen to shame. Not only is it packed with premium design elements usually reserved for expensive keyboards like the ROG Azoth and GMMK 3 -- it also comes in at that insane $80 price. Even as I'm writing this article, I'm still shocked at the price. The Forge GK600 has no business being as inexpensive as it is.

Read more
Sticky Password vs. Enpass: best one-time purchase password managers
Sticky Password and Enpass pricing appears in a split-screen on a PC monitor.

Sticky Password and Enpass are two leading password managers that offer one-time purchase options. Passkeys have the potential to eliminate the need for passwords, but there are plenty of online accounts that lack passkey support.
The bottom line is you still need a great password manager to streamline account access, protect your logins from hackers, and simplify sharing accounts with family and friends.
Tiers and pricing
Sticky Password has a low-cost annual subscription, a lifetime plan, and a free version. Sticky Password

The price isn’t the only detail that matters when choosing a password manager but a single payment option is hard to beat. Sticky Password’s lifetime plan sells for as low as $40, which is less than an annual subscription to Dashlane. Of course, Dashlane includes a premium VPN to help offset the expense.

Read more