Since 2020, NordPass has been mapping out how many passwords we have on average. In the first few years, the trend was steadily moving upward, peaking at 168 passwords in 2024. However, for the first time — and right on time for this year’s World Password Day — NordPass’ research has revealed a surprising statistic: The number has dropped to 120. Business-related passwords appear to be following the same pattern. Let’s take a closer look at the research and learn what this decreased number of passwords means for our online safety.
Contents:
The unexpected password U-turn
The first NordPass password usage research was conducted in February of 2020, just a month before the start of the COVID-19 pandemic. It was reported that an average user handled around 80 passwords at that time. The follow-up in October of the same year — eight months into the pandemic — already indicated a clear uptick in password reuse. It was likely driven by people staying indoors and moving all leisure and personal activities, like shopping and medical appointments, online. The average number of passwords handled by a person went up 25% to the number cited since — 100.
In 2024, the average number of passwords reached an all-time high, at nearly 170 passwords per person. The same year, the research introduced a new angle, looking into how many business-related passwords people had. The average number here was 87.
2026 brought an unexpected twist. Although the expectation would be for the number to keep going up, it actually took the complete opposite direction. The data revealed that the average person handles approximately 120 personal and 67 work-related passwords.
Changing habits and prioritizing convenience
Although this data was surprising, cybersecurity experts have a few theories regarding the outcome. According to Karolis Arbaciauskas, head of product at NordPass, users tend to prioritize convenience when they sign up for new services. They often use single sign-on (SSO) with their Google, Apple, or Facebook account to log in more quickly, which means they don’t need to create a new password.
Another suggestion for the decrease is the growing adoption and promotion of password alternatives. Users increasingly adopt passkeys, face IDs, and WebAuthn to access accounts, especially on mobile devices. This hints at an increased user awareness of secure password alternatives. Instead of creating accounts with unique passwords, users opt for biometric-based authentication to verify their identity when they log in, streamlining the process while maintaining account security.
Methodology: The quantitative research by NordPass was conducted on April 4-15, 2026, and included 1,509 NordPass users.
A positive sign for account management trends
The decline was long awaited. NordPass’ goal is to educate people on alternative passwordless authentication methods that let them keep their accounts as secure as passwords would, but without worrying about forgetting or mixing them up.
When people manage too many passwords, they often reuse them or create simple variations, switching out a single letter or digit to meet the minimum password strength criteria. This is a well-known security risk — if one account is breached, the others sharing the same or similar password are at risk of being compromised. Password managers resolve this by generating, storing, and autofilling login credentials for users, ensuring all passwords are strong and unique.
Dormant, abandoned, and forgotten accounts on rarely visited platforms with weaker security measures also pose a security risk. They’re a prime target for cybercriminals, and users might overlook the data breach notifications they issue, unaware that their personal information has been breached. In these cases, tools like the Data Breach Scanner can help. They actively scan the internet and dark web for your credentials and alert you if your information appears in a breach, helping to protect even your forgotten accounts.
“Personally, I would recommend replacing passwords with passkeys. In my view, they are currently the most secure and convenient authentication and login tool available on the market.”
Karolis Arbaciauskas
Head of product at NordPass
According to Arbaciauskas, the new data offers hope that passwords are finally being replaced by passkeys and other login methods. However, it’s important to note that the research figures should be interpreted cautiously. Although the average number of individual passwords used has gone down, the overall number of accounts and associated login credentials continues to grow.
What can you do to handle accounts more easily?
You might be thinking about how many accounts you currently have and how many may use insecure passwords. We have a few best practices you can follow to secure your personal data more efficiently:
Deactivate unused accounts. Considering how many passwords the average person has, tracking down every unused account you’ve created may be difficult. However, if you know for certain that you no longer need an account, deactivate it to reduce your password load.
Set up a password manager. As you work to reduce the number of accounts you own, you will encounter many that remain necessary. NordPass helps individuals and businesses manage their passwords with ease and security in mind. Its built-in features support generating unique and secure passwords, simplifying logging in with autofill, and accessing all sensitive data on the go.
Regularly update your credentials. The longer you use a password, the higher the chances of it being breached. If you regularly change your passwords, you keep your accounts safer. Password Health lets you see which of your login credentials are weak, old, or reused.
Make sure all passwords are strong. We recommend passwords be at least 20 characters long and contain a combination of letters, numbers, and special symbols. A password generator helps quickly create passwords that meet these criteria. For more tips on creating strong passwords, visit our dedicated blog post.
Stay ahead of breaches. Use the Data Breach Scanner to get real-time alerts if your passwords, email addresses, or credit card details have appeared on the dark web.
Enable two-factor authentication (2FA). Add an extra layer of protection with two-factor authentication to your accounts and ensure that even if your password is compromised, cybercriminals cannot access the affected account.
Switch to a passwordless solution where possible. Passkeys are a new, more secure way of logging in to your accounts. They use a combination of biometric verification with cryptographic keys, offering a safer and more convenient alternative to passwords. NordPass lets you easily store and manage passkeys on different devices.
Whether you have 20 or 120 passwords, NordPass makes password management simple and convenient. Your passwords, passkeys, credit card details, and other sensitive information are protected in the xChaCha20-encrypted vault, which only you can access.
NordPass offers a range of features tailored for personal and business use, including Email Masking, passkey support, secure item sharing, digital document storage, a built-in authenticator, centralized policies for companies, and an Activity Log. You can try NordPass Free and Premium for your personal use or sign up for one of the Business plans based on your organization’s needs.