Password Habits in the US and the UK: This Is What We Found

Ruth Rawlings
infographic blog featured

In March, NordPass conducted a password survey to find password management habits in the US and the UK. We wanted to know how these populations use passwords to ensure the security of their online accounts.

We saw some interesting patterns in both populations across all age groups. We found out how stressful password management is and why that’s so. We learned whether people understand how vulnerable their accounts are and which ones they think are the most prone to hacking. We also asked them if they take any actions to protect them. And last but not least, we spoke to cybercrime victims to identify who’s the most likely to be hacked.

Find summarized password security statistics in the infographic below. More detailed information about the results follows the infographic.


Password management is stressful

We all have a lot of online accounts we need to protect. To be precise, in both the UK and the US, 7/10 respondents claimed having more than ten password-protected accounts and 2/10 have more than 50. Managing them all is no easy task.

It’s not the most concerning life problem, yet more than 30% of both populations find resetting and coping with passwords stressful. A similar share of people is also concerned about retirement.

People experience even more stress if their passwords are lost with no recovery option. Such an event could be compared to other life-challenging situations, such as changing jobs, getting married, or even facing an illness.

But why does it cause so much stress? Well, 8 out of 10 survey respondents find password management difficult. They agreed that the main reasons were:

  • Having too many accounts;

  • Struggling to remember which password belongs to which account;

  • Using unique passwords but not being able to remember them all;

    Finding it challenging to create complex passwords.

Which accounts are considered the most vulnerable?

8/10 US respondents and 9/10 UK respondents fear that they’d lose money if their bank account or a financial institution was hacked. The second most valuable account to them is their email, third — big online store accounts, like Amazon or eBay. Approximately half of the population believes that entertainment, health and sports, productivity, and transportation apps could also bring money loss.

Therefore, it’s not surprising that respondents agreed that the more vulnerable the account, the stronger the password it should have. They believe that the three most vulnerable accounts mentioned above should have the strongest passwords, respectively.

We don’t practice what we preach

Even though the respondents understand the necessity of strong and complex passwords and fear that hacking could result in money loss, they don’t always take action to protect them.

More than 80% of people in both countries recognized the need for strong passwords, but only 53% US and 59% of UK respondents do use them. The password statistics are pretty similar when it comes to protecting personal emails and big online store accounts.

The results are even more shocking when it comes to “less vulnerable” accounts. Approximately 65% of all respondents agree that small online stores, social media accounts, and messaging apps should have strong passwords. However, only half of them practice what they preach.

When it comes to sports, health, transportation, and productivity apps, only 2/10 people use strong passwords.

What does a typical cybercrime victim look like?

We might have a perception of how a cybercrime victim should look, but it couldn’t be further from the truth. 22% of our respondents in both countries have been affected by cybercrime. Their data helped us draw a picture of a typical cybercrime victim. Most often he or she is somewhere between 25 and 44 years of age, tech-savvy and may own a business.

To put it in numbers:

  • 54% of men and 46% of women were hacked in the US. The ratio is 50/50 in the UK.

  • 57% of victims in the US and 46% in the UK consider themselves tech-savvy.

  • Around half of all victims fall in the age group of 25-44.

  • A quarter of all victims have managerial positions or own a business.

Why do we fall prey?

We started seeing a pattern when comparing the data of cybercrime victims and those who have never fallen prey. People who have been hacked tend to have more password-protected accounts and more often admit it’s extremely challenging to manage them. But do they learn a lesson once burnt? Yes and no.

Those who’ve been hacked show a change in their attitude. They become more aware of the necessity of strong passwords and are more worried that their other, less protected accounts, might get hacked too. But do they act differently? No. Compared to their lucky fellows who have never been hacked, they do not put more effort into securing their accounts.

Who takes it more seriously — younger or older generations?

Does age matter when it comes to strong passwords and account security? In the UK, people aged 45–64 use unique passwords more often than the 18-44 y.o. group or 65+ respondents. With one exception – seniors more often than other groups make their financial accounts secure. The younger generation is more aware of potential harms; however, they also find their accounts more difficult to manage.

In the US, on the other hand, the youngest respondents (18-24 y.o.) were the least worried about their accounts being hacked, yet they still protected them as much as other age groups.

24-35 year-olds were most concerned about hacking, but their usage of unique passwords didn’t differ from other age groups.

The survey was conducted on March 13-21. Respondents in both countries were over 18 years of age. They were split into 6 age groups, each making 13-19% of the overall sample. The gender split was approximately 48% women and 52% men in both countries.

For more information and to contact us, please visit the Press area.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.