Do Americans Ever Change Their Passwords?

Just how cautious are Americans when it comes to cybersecurity? In today’s hyper-connected, highly-digitized society, data breaches are becoming increasingly commonplace. And they affect both corporations and individuals. In 2017...
Rob Sobers
2 min read
Last updated October 14, 2022

Just how cautious are Americans when it comes to cybersecurity?

In today’s hyper-connected, highly-digitized society, data breaches are becoming increasingly commonplace. And they affect both corporations and individuals. In 2017 alone, the Equifax breach — considered by some to be the worst security breach in recent history — put 145.5 million Americans at risk of exposed information and identity theft.

Get the Free Pen Testing Active Directory Environments EBook

“This really opened my eyes to AD security in a way defensive work never did.”

Additionally, a Gmail phishing attack last year put 1 million users at risk of exposed information, and an Instagram hack revealed the contact information of 6 million users. Yahoo also revealed that a 2013 data breach affected the private information associated with all of their users — 3 billion in total.

According to the Pew Research Center, 64 percent of Americans have experienced some type of data breach in their lifetime. Despite this, the center found that the majority of Americans fail to follow cybersecurity best practices in their own digital lives.

In an effort to uncover more on password security habits (and associated feelings of cybersecurity), we put these numbers to the test. Read on to discover what we found after surveying 1,000 Americans.

Americans and Password Security

While cyberattacks are top-of-mind for many Americans, first-hand experiences and worry about imminent attacks doesn’t seem to get people to change their digital habits.

Despite the Pew Research Center’s report that the majority of Americans have personally experienced a major data breach and even anticipate an attack within the next five years, the majority of adults surveyed still seem largely unconcerned with personal password safety.

The most common reason users change their passwords is because they’ve simply forgotten their current one. Half of people surveyed cited this as the most common reason to change a password. In contrast, despite the increasing amount of hacks in the news cycle, only 1 in 5 Americans said they change their password as a result of a hack in the news.

americans changing their passwords data

Which Password Is Changed Most Often?

Our research revealed that the most common password Americans change is the password to their online banking or loans account, at 29 percent.

which passwords do americans change data

This is perhaps unsurprising, considering that financial security is one of the major concerns for Americans when it comes to cybersecurity. According to Pew, 66 percent of Americans anticipate the banking and financial systems to experience major cyberattacks in the near future, 41 percent say that they’ve experienced credit card fraud, and 14 percent have had loans taken out in their name.

However, recent hacks in the news have shown that individual users are increasingly affected across a number of entities, including email, social media, online shopping, and software and applications.

How Are Passwords Saved?

Our research also found that the majority of Americans use memorization or pen and paper to keep track of their passwords.

This is in contrast to the password best practices outlined by cybersecurity professionals, which recommend using third-party password management services, changing passwords on a regular basis and most importantly, never leaving passwords accessible or in plain text.

how do americans remember passwords

Although there are some memory tricks you can use to remember complex passwords, memorization can be difficult, given that ideal passwords are meant to be a combination of letters, numbers and symbols. Additionally, using the same password for different sites isn’t recommended.

Despite the fact that password management services are the easiest and most highly recommended form of keeping passwords safe, only 7 percent of respondents said that they use this kind of software to keep track of their passwords.

We found that the biggest demographic difference in how people manage and remember their passwords is between men and women. Both men and women agree that memorization is the best way to remember a password. However, men are considerably more likely to use password managing software.

men vs. women password management data

In all, there seems the be a major discrepancy between Americans’ real-life experiences with cyber breaches and their personal online practices. Learn more about how Americans approach cybersecurity and password security by downloading our full infographic, below.

click to download button

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

the-top-skills-of-fortune-100-cisos
The Top Skills of Fortune 100 CISOs
What does it take to become a top CISO? We analyzed CISOs of Fortune 100 companies to find the most common skills and educational background of the world's top cybersecurity leaders today.
sec-cybersecurity-disclosure-requirements’-impact-on-your-business
SEC Cybersecurity Disclosure Requirements’ Impact on Your Business
New SEC regulations change how public companies disclose hacks, breaches, and cyber incidents. Here’s everything you need to know.
what-the-new-sec-cyber-disclosure-guidelines-mean-for-your-business
What The New SEC Cyber Disclosure Guidelines Mean For Your Business
Discover the challenges the new SEC cybersecurity guidelines present for your CISO and learn tips on how to handle them at your organization.
a-ciso's-first-90-days:-the-ultimate-action-plan-and-advice
A CISO's First 90 Days: The Ultimate Action Plan and Advice
Over the last 10 years, the role of the CISO has become pretty complex. By the end of this blog you'll have a solid 90-day plan to step into a new CISO role.