Written By: Security.org Team | Published: October 22, 2020

It’s Cybersecurity Awareness Month, and in our second annual report on America’s password habits and strategies we observe that most Americans can be considerably safer.

One again, we asked 750 Americans to share their password strategies and security habits (no, we didn’t ask for their actual passwords.) Before getting into the details, let’s review best practices.

Best Practices, Simplified:

  • Don’t reuse passwords across sites. 
  • Have long, strong passwords – a mix of numbers, letters and special characters
  • Store passwords and other docs securely – such as with a password manager
  • Use two-factor authentication whenever you can – which might use a code texted to your phone or a fingerprint or facial recognition to sign-in
  • If a site you use has a data breach, immediately change your password.
  • Want to check how strong your password is? Try our password strength checker.

So what did Americans say?

First, some bad news:

  • Forty-five percent of Americans use passwords that are eight characters or less.
  • Twenty-five percent of Americans share their personal passwords with other people.
  • Just 15 percent of Americans use strong password generators. 

Now, for some key findings on Americans’ “inspiration” for passwords:

  • Twenty-one percent of Americans have used Trump or Biden as part of their password in 2020. More Americans use Trump (12%) than Biden (9%).
  • Fourteen percent use “COVID” in their password.
  • Twenty percent admit to dropping an f-bomb or other curse word as part of their passwords.

We’ll share more details on these findings below, but let’s dive deeper into the strategies Americans use.

So how do Americans get their inspiration for passwords?

Well, current events play a part. As stated above, fourteen percent of Americans said they used the word “COVID” as part of a password. Pets are pretty popular too. In fact, more people use their pet’s name as part of a password than a parent’s name, child’s name, last name or friend’s name. Digital security experts recommend, of course, avoiding personal information in any password.

The presidential election is front and center of many Americans’ minds, as Trump (12%) and Biden (9%) make their way into passwords. For those who have just had enough of 2020, curse words are popular, too, part of 20 percent of passwords.

What do Americans include in their passwords (Select all that apply)?
Curse Word20%
Birth year16%
Pet's name16%
“Covid”14%
“Trump”12%
First name11%
Dictionary words11%
Misspelled words11%
Street name11%
Age10%
“Biden”9%
Last name9%
Child's name9%
Acronyms9%
Partner's name8%
Series of keys on the keyboard (eg. QWERTY)8%
Common phrases (eg. “I love you”)7%
Parent's name7%
Name of site password is for6%
Graduation year6%
Repeated characters (eg. “aaaaaa”)5%
Friend's name5%
I Use a password generator15%
None of the Above13%

How Long Are Passwords?

Forty-five percent of Americans have passwords that are eight characters or less, and just 22 percent have long passwords of at least 12 characters. For the 16 percent of you that have short passwords of seven characters or less, please change it!

According to our password strength checker, America’s most popular password of ‘123456’ would be cracked “Instantly” by a computer. Even a more complex 6-character password like 7*Yv/+ would only take a computer 17 seconds.

Americans and Security Habits

More Americans (37 percent) rely on the old-fashioned “memory” than any other technique for storing passwords. Respondents may have thought password management apps were the best storage method, but very few actually use them.

This one is a big no-no, sharing your personal passwords with other people.

Protect Your Information

We live most of our lives online, with personal information protected by a combination of letters and numbers. Practice safe password hygiene and minimize the likelihood you are victim to identity theft. 

About Security.org and Methodology

Security.org's research team focuses on physical safety, digital safety and identity theft. What it means to be safe has expanded beyond just home security and means protecting our personal and financial data and digital footprint. We study the issues facing modern society and partner with organizations and research institutions to broader America's understanding and awareness of digital safety.

To conduct this year’s study, we collected responses from more than 750 adults who use internet-based passwords. Click here to see last year’s study. Anyone who had at least one password in their lives was qualified to take the survey. Before respondents took the survey, they had to say they were comfortable answering questions about their password habits.