Password Manager Industry Report and Market Outlook (2023-2024)
Though password manager adoption soared in the past year, next-generation security keys are gaining ground in the market.
Written By: Security.org Team | Published: September 13, 2023
Expanding social media and shuffled streaming services continually compel the creation of fresh online accounts – and an ever-growing list of complicated passwords for users. Properly managing all these credentials is challenging – but essential – as the FBI reported a record $10.2B in cybercrime last year.
Password managers (or vaults) offer a simple solution for protecting and accessing logins across the web on multiple devices. Though these services are often free and integrated with existing devices, many Americans opt instead for old-fashioned techniques: memorization, saved files, and even hand-written lists.
Our third annual report (jump to our 2022 and 2021 reports) shows that password manager use rose considerably over the last year, yet two-thirds of the public still relies on alternate methods for tracking their online logins. We recently studied the password habits of over 1,000 Americans to learn how they store credentials, why they’ve chosen certain password managers, and how likely they are to improve their digital security methods.
- Due to increasing cyber security risks and the proliferation of digital technologies, the need for password managers in both personal and business settings continues to grow. Today, one in three Americans use password managers (up from one in five in 2022). This is an estimated 79 million people.
- Google and Apple password managers, built into their devices and browsers, now account for one-half of the American market and are more popular than any other password management tools.
- Ten percent of adults have already adopted emerging security key technology to handle their digital credentials, and the technology will only grow as multi-factor authentication becomes more widespread.
- Despite the rise in secure password management strategies, 41 percent of online account holders still rely on memorization to track their internet passwords, and 25 percent save passwords on their devices in unencrypted files or notes.
- More than one in four password manager users jeopardize their personal data by reusing master passwords elsewhere. People who engage in this unsafe practice are more likely to have experienced recent identity theft.
- Seventy-one percent of those without password managers are open to signing up for services in the future, signifying the market is far from saturated.
Password Manager Use Soars Year-Over-Year
Unsecured logins and recycled passwords make digital accounts vulnerable to hackers. In 2022, more than one million Americans filed identity theft cases, with many more crimes unreported.
In a sign that web surfers are increasingly aware of such danger, the number of people using password managers jumped approximately 60 percent in the last year. Additionally, more parts of Americans’ lives are conducted online today, from remote work and school to streaming entertainment and digital banking. The meteoric rise of digital platforms has led to a growing need to manage account credentials. In 2022, only one in five Americans used password managers, compared to one in three in our latest study.
Despite the massive growth of password management tools, memorization remains the most common password tracking technique, with password managers now the second most popular method. Surprisingly, the introduction of physical security keys and next-generation passkeys has already garnered attention and 10 percent usage among adults.
|How do you manage your online account passwords?||2022||2023|
|I have my passwords memorized||41%||41%|
|I use a password manager||21%||34%|
|I write them down on paper||32%||30%|
|I save my passwords in my browser||25%||27%|
|I save them in a note on my computer or mobile device||25%||25%|
|I use the same few passwords on all my accounts||22%||21%|
|I use a security passkey or other physical password device||–||10%|
Note: Multiple selections allowed
What is a security key? Security keys are small, physical devices that provide an additional layer of security for various online accounts and systems. Primarily, they provide multi-factor authentication (MFA), helping users prevent unauthorized access to their online accounts and personal data. They look like tiny USB drives and can be used with computers and mobile phones.
Passkeys similarly act as personalized two-factor authenticators but can be installed on a user’s phone without needing a separate gadget. Employing public key cryptography to embed digital credentials on a client’s physical device eliminates the need for hackable or stealable passwords. Online accounts that accept passkeys can be accessed the same way one opens a phone: biometrics, PINs, or swipe patterns when the user has physical possession of the designated device.
Though Apple, Google, and Microsoft are all working to roll out this new protocol, it will be some time before universal adoption. In the meantime, users should still enlist password managers to handle their complex logins. Many password managers are also incorporating passkey support to help with the transition.
Despite these gains in password manager and passkey use, six in ten Americans still rely on insecure methods (such as memorization, repetition, notes, browsers, or unencrypted files) to keep track of their credentials.
Unfortunately, more vault subscribers are also recycling their master password for use with other logins. More than one-quarter of those with password managers reused their master password, up significantly from two years ago.
|Do you use your password manager’s master password as a password on other accounts?||2021||2022||2023|
This practice is particularly hazardous. Hackers who obtain one reused password in a third-party leak can then breach password manager accounts to steal all of a subscriber’s logins.
We strongly advise choosing different complex passwords for every individual account and a unique login to unlock the password manager instead of cycling through pet names or sibling birthdays that can be deciphered with public information.
Why Users Turn to Password Managers
Password managers can be indispensable when juggling numerous account credentials across multiple devices. Beyond providing additional security, they supply superior convenience. With vault functionality, there’s no need to rack one’s brain to create complex codes or to memorize them all. It is essential to have strong passwords today to protect personal data online.
According to the National Institute of Standards and Technology’s guidelines, all online passwords should have four essential qualities:
- lengthy (preferably 12 or more characters)
- unique (so that breaking one doesn’t compromise multiple accounts)
- divorced from personal meaning (so that social networks provide no clues)
- updated whenever a breach is suspected.
These sensible suggestions are difficult to follow if passwords are stored in one’s memory or scribbled in notebooks. This is why most users decide to employ password vaults.
|Why do you use a password manager?||Percentage of users|
|I have more passwords than I can remember easily||68%|
|I use my logins across devices (laptop, mobile, etc)||53%|
|I wanted to generate complex passwords||45%|
|I needed to manage multiple logins for some applications||40%|
|I wanted my passwords encrypted||22%|
|I only wanted to remember one password||18%|
Note: Multiple selections allowed
FYI: Security.org has created a password generator tool to help you create strong passwords in a flash.
Today, password managers are most often installed on phones, permitting mobile accessibility where users lack access to notebooks or saved desktop files. The share of people using mobile password managers has dramatically increased since our initial study in 2023. This year, three-quarters of subscribers use vaults on personal computers, and 71 percent deploy them across multiple devices.
|On which devices do you use a password manager?||2021||2022||2023|
|Laptop or desktop computer||75%||75%||77%|
Note: Multiple selections allowed
With remote working and cloud databases now firmly established corporate practices, professional use of password managers also continues to rise. This year, we found that 58 percent of adults use the services for employment credentials, up from 50 percent last year.
With more Americans turning to password managers across several devices and use cases, which brands benefit most from these added customers?
Most Popular Password Managers of 2023
Our first password manager report found a fractured field of services led by pioneers like LastPass. Since then, tech giants have entered the fray and capitalized upon brand recognition, hardware integration, and competitor missteps to establish dominant market shares.
|What password manager do you primarily use?||2021||2022||2023|
|Google Password Manager||8%||23%||30%|
|iCloud Keychain (Apple)||7%||17%||19%|
|McAfee True Key||8%||2%||2%|
Google and Apple now dominate the market, accounting for nearly one-half of all password manager users. Two widely publicized security breaches specifically contributed to LastPass’ downfall. However, all competitors have struggled to compete with the free, convenient, seamless services now offered by Google and Apple.
Those features were prominently cited by password manager users when asked why they had chosen their current provider. The most commonly mentioned factors included:
Convenience/ease of use: Customers particularly appreciated when password managers were built-in to their devices, simple to use, and automatically generated, saved, and filled their login information. These consumer preferences supply a notable advantage to Google and Apple, automatically incorporating managers with Chrome browsers and iPhone operating systems.
Trust and familiarity: Respondents preferred brands they knew and respected — companies with a track record of positive performance. This aspect again aided prominent names like Apple and Google, but also smaller firms with a solid reputation for security, like Norton and McAfee.
Security and safety: Many users favored password managers that offered added security features that went beyond essential functions, like advanced encryption, biometric safeguards, and offline backup storage. Previous password breaches also strongly influenced selections, a criterion that hampered diminished brands like LastPass.
Recommendations and reviews: Personal recommendations from friends, families, or knowledgeable associates factored significantly in the choice of vault clients. Additionally, many users cited password manager reviews and positive online ratings as instrumental in their search.
Cost and value: Americans love a bargain – especially after several years of inflation and waning consumer confidence in the economy. Accordingly, many password manager clients mentioned free (or low-cost) options as pivotal considerations. This factor favors Apple’s and Google’s free offerings. Nearly two-thirds of password vault subscribers use free products, though slightly more Americans chose to pay for services this year compared to 2022.
|How much do you pay each year for your password manager? (among users)||2022||2023|
|$0 (or free)||67%||63%|
|$1 – $20||10%||11%|
|$21 – $40||7%||12%|
|$41 – $60||6%||5%|
|More than $60||3%||3%|
However consumers select their password manager service, most are satisfied with their choice. Only one-quarter of customers changed their provider in the last year (with many of those defectors justifiably ditching LastPass after its most recent security lapse).
Additionally, those who have come to rely on password vaults show high confidence in the technology. Three out of four password manager users believe in the product’s safety. That rate is almost double the confidence shown by those without accounts.
How might holdouts be convinced to use password managers?
Market Outlook: Potential for Further Password Manager Expansion
Our 2022 research revealed that nearly seventy percent of those without password managers were open-minded about signing up for a service. That fertile finding proved a harbinger of significant growth in year-over-year vault usage. This year’s results are similar.
Nearly three-quarters of those who currently lack password managers would consider adopting one in the future.
Primary reasons for not using password managers also echoed previous findings. Many don’t believe vaults are necessary, think they are potentially unsafe, or presume they’re overly complex or expensive.
|What is your main reason for not using a password manager?||2022||2023|
|Not sure I need one||28%||27%|
|They’re not secure||28%||28%|
|They cost too much||16%||16%|
|I don’t know how they work||15%||15%|
|They’re too hard to set up||12%||9%|
Greater public awareness, education, and first-hand experience might convince more Americans to abandon memorization and notebooks to join the growing number of satisfied users better guarding and organizing online credentials.
The internet often acts as a modern-day melting pot, serving surfers of all ages and levels of technical savvy. This odd mix can produce both innovation and contradiction. The perseverance of password credentials may be the ultimate example of such disparities. For instance, online accounts accessing cutting-edge tech are still guarded by archaic “secret word” security concepts.
Advances like biometric passkeys are already arriving, with promises of quantum encryption further ahead, but until these methods become standard, we’re stuck using complex strings of characters. Password managers make that process easier and safer.
With the ability to generate, store, and transmit endless unique logins via one master account, properly-used password managers simplify and secure online life. Several of the most popular services come with no cost, yet only one in three Americans use them even as identity theft rises.
Fortunately, vault subscriptions jumped by one-half last year, and most non-users remain open to adoption. As more adults realize password managers’ utility, ease, integration, affordability, and trustworthiness, we can expect additional market penetration and a safer internet environment.
In August 2023, we conducted an online poll of 1,051 American adults. Their ages and genders represented the U.S. population based on the U.S. Census. Respondents answered questions about their password management techniques and experience with password management tools.