Annual Report 2022
Web users without password managers
were three times more likely to experience
identity theft than those who properly use them.
Every web user desires online protection, yet not all seize opportunities to achieve it. One notable example lies in password managers, which effortlessly enhance cybersecurity and are used by one in five (about 45 million) internet users in the U.S.
Identity theft has doubled since the pandemic, and last year 1.4 million Americans lost more than a billion dollars collectively to imposter scams. Collapsing crypto wallets and turmoil at Twitter further stoke online apprehension.
As we await advances like biometric authentication and quantum encryption, passwords remain essential tools for online defense. Experts emphasize that password managers (or “vaults”) are critical to maximizing protection, yet consumers haven’t fully embraced their use.
We conducted our second annual research study to better understand this critical security feature’s effectiveness, adoption, and expansion potential. This comprehensive report includes insights from more than 1,000 Americans about their experiences with and opinions regarding password managers.
- 45 million Americans use password managers to protect their credentials online. Nearly two in three people still track their passwords by memorization or hand-written notes.
- Identity theft incidents have increased significantly from 2021 to 2022. Web users without password managers are three times more likely to experience identity theft than those who properly use them.
- After a massive data breach, LastPass moved from the most popular manager in 2021 to the fourth-most popular in 2022.
- Mobile usage of password managers surpassed desktop usage in 2022, with 84 percent of password vault users employing them on their phones.
Table of Contents
Password Managers: Essential Tools for Digital Security
Logging passwords containing pet names and birthdays on colorful Post-its is no longer a viable internet security plan. As hackers evolve their skills, strong passwords and complex protocols have become more necessary.
According to the National Institute of Standards and Technology’s guidelines, all online passwords should have four key qualities:
- lengthy (preferably 12 or more characters)
- unique (so that breaking one doesn’t compromise multiple accounts)
- divorced from personal meaning (so that social networks provide no clues)
- updated whenever a breach is suspected.
These sensible suggestions are difficult to follow if passwords are stored in one’s memory or scribbled in notebooks. That’s where password managers come in. These applications generate unique compliant codes for every portal, store them, auto-fill them, and alert you when credentials need changing. They’re typically easy to use, effective, and, most importantly, encrypted.
Despite these tremendous advantages, twice as many Americans entrust their digital fate to personal memory as rely on a password manager program.
Each old-school approach invites danger compared to password managers. Despite increasing risks, an increasing number of people are relying on these haphazard approaches. Memorizing passwords or jotting them down encourages simple or personal codes. Storing passwords in browsers or devices makes them susceptible to hackers and malware. Re-using passwords leaves multiple accounts vulnerable to a single breach.
The riskiest password practice proved to be repeating basic codes across multiple accounts: 50 percent of those who rely on this method had their credentials stolen in the past year, up from 35 percent in 2021.
With so many consumers managing security through haphazard methods, it’s little wonder that at least one in three respondents in our research had their identities or credentials stolen in the last year.
Improper use of password managers is on the rise
Those without password managers experienced identity theft at three times the rate of those who employed them correctly (35 percent vs. 12 percent). Some password manager users who experienced identity theft were not using them correctly, which undermines their effectiveness.
Nearly half of password manager users who had their identities stolen used their “master password” for other accounts. This is an extremely risky practice that should be avoided to protect personal data online, and unfortunately, we discovered this habit has increased slightly over the past year.
The importance of a secure master password
Password managers encrypt credentials online and require an offline master password for access. It’s essential to keep this password safe and unique from any code you’ve used. We found that one in four password manager users had recycled their master password, undermining the strength of the vault.
A closer look at current password vault users reveals specific motivations, use cases, and confidence.
Current Password Manager Use
Not enough Americans use password managers, but our research found that about 45 million people rely on them. Our analysis revealed that users turn to vaults for various reasons across different devices and price points.
Two out of three password manager users admit they can’t memorize numerous login credentials. Others employ the product to generate codes and keep credentials handy on multiple devices.
The overwhelming majority of people who use password managers rely on them to contain personal login information. Nearly half also store work-related codes.
Professional use is likely limited because enterprise systems generally require only one regularly-updated password and incorporate secondary verification through 2FA or physical tokens.
Conversely, personal accounts span scores of websites, so login lists quickly add up. The median number of vault-stored credentials is 30, and more than a third of users had 50 or more passwords saved in their manager.
In addition to coordinating numerous codes, password managers help users juggle logins between various devices. With one application installed on all gadgets, access is always at one’s fingertips.
More than two in three subscribers installed their vaults on multiple devices, with mobile phones the most frequently-synced gear. An increasing number of users began using password managers on their mobile phones in 2022 compared to 2021. This portable use highlights password managers’ practical ability to supply saved codes on the move and away from one’s desk.
Among a crowded field of available products, Google and Apple’s proprietary password tools lead the pack in popularity. Google’s password storers come built into the Chrome web browser and Android phones, and Apple’s iCloud Keychain is standard on iPhones.
|Which password manager do you use?|
|Google Password Manager||23%||8%|
|McAfee True Key||2%||8%|
In 2022, Google upgraded its password manager as Apple also enhanced its iCloud Keychain. Each service remained free and leveraged the tech titans’ audiences to increase users over 2021. These market gains sapped subscribers from pricier services like McAfee, Keeper, and especially LastPass (which dropped from first place to fourth after a widely-publicized breach). Unfortunately, another LastPass breach occurred at the end of 2022, just after our research was conducted. This could cause the company to lose favor again with consumers.
During this time of high inflation and household budget constraints, it’s unsurprising that free services have remained popular. Overall, two in three users opt for password managers that come at no cost (and often are pre-installed on their devices).
Rising costs and LastPass’s hack contributed to sizable switching of services in the past year; nearly a quarter of password manager customers (22 percent) changed providers in that time. Still, most users showed great confidence in the technology, regardless of the service provider. Password manager subscribers are twice as likely to consider them safe and secure as non-users.
So how might password manager providers win over those stubborn web surfers who still memorize their login credentials?
Password Manager Market Poised for Growth
As seen above, Americans without password managers remain dubious about the technology. Barely one in three trust that the vaults are effective, and one in four believe they’re unsafe or insecure. Holdouts are also skeptical about benefits and have concerns regarding price, setup, and operation.
|What is your main reason for not using a password manager?|
|Not sure I need one||28%|
|They’re not secure||28%|
|They cost too much||16%|
|I don’t know how they work||15%|
|They’re too hard to set up||12%|
Each consumer concern might be dispelled with a little more education. Conspicuous data breaches and expert advice should convince most of the need for a password manager. Customer satisfaction (as detailed above) and technical insight should explain how vaults work and establish that the programs are secure. The availability of free apps and browser extensions spotlight the affordability and simplicity of password managers.
Making the case to those without password managers could prove fruitful, as nearly 70 percent of non-users would consider signing up.
Of those open to considering a password manager, 39 percent had their ID stolen during the past year. Only half as many (20 percent) were victims among those eschewing vault use. This split indicates that difficult lessons may be the best motivator – password managers gain appeal after a breach.
Hopefully, more consumers will act preemptively on good information instead of remedially after a bad experience.
In an age rife with cybercrime that threatens our increasingly online lives, personal digital security is paramount. Society’s most private data lies beyond passwords, and too few Americans adequately safeguard their digital secrets.
The most basic precaution for protecting logins lies with password managers. These simple programs can generate, catalog, and monitor complex codes across several electronic devices. Such vaults are easy to use, effective, affordable, and readily available, yet only one in five Americans currently take advantage of them.
Last year we reported that 69 percent of adults without password managers were willing to consider a vault. Since then, one-third of the nation suffered corrupted credentials, yet the number of users remained roughly the same.
An identical portion of the populace remains open to obtaining password managers this year. We hope they act before it’s too late.
In November 2022, we conducted an online survey to ask 1,047 American adults about their experience with cybercrime, their methods of password tracking, and their opinions on password manager applications. The respondent pool represented the American population based on gender, age, and race.