Most Brits Rely On Memory To Manage Passwords, Says Bitwarden

Open source password manager Bitwarden has released the results of its global password survey, ahead of World Password Day on 5 May.

It found for example that nearly all (99 percent) of UK respondents are familiar with best practices surround password security, but unfortunately they are not actually putting that knowledge to use.

Poor password practices are still an ongoing source of worry for most security professionals – not helped by the fact that previous surveys have identified ‘123456’ as being of one of the most commonly used passwords, as is the word ‘password’ itself.

Bitwarden survey

Now this week California-based Bitwarden released the findings of its research, which surveyed over 2,000 internet users globally on how they view and manage their own password security.

The research found that 59 percent of UK respondents still rely on their memory to manage passwords. But this has predictable outcomes, with 35 percent having to reset their passwords every day or multiple times a week because they can’t remember them.

The Bitwarden survey also revealed that in the UK, 35 percent of respondents experienced a data breach within the last 18 months, compared to about 1 in 4 (23 percent) globally.

The majority of Brits (86 percent) log in to websites or apps multiple times a day, which may help explain why 68 percent of respondents believe it is more important for a password to be secure than be easy to remember.

Worryingly, the survey also found that 86 percent of Brits still reuse passwords across multiple sites, with 69 percent of Brits have an average password length of 9-15 characters (14 is considered a secure start point).

Of those surveyed globally, Americans are most likely (44 percent) to use a password manager compared to Brits (37 percent) and Germans (32 percent).

The survey also found that two-factor authentication (2FA) has gone global: 82 percent of UK respondents use 2FA for workplace accounts and 81 percent use it for personal accounts. Globally, that number sits lower at 73 percent for work and 78 percent personal.

Workplace password managers

“The importance of password management best practices is getting through to people,” said Bitwarden CEO Michael Crandell. “Individuals understand they should be secure and that recognition is an important first step.”

“But they can better protect themselves by embracing tools such as password managers that are readily available, and free,” said Crandell. “Password managers mitigate the need for an over-reliance on memory and password reuse across multiple sites.”

The Bitwarden survey also revealed that mandatory password manager usage in the workplace has yet to take off, despite the increase in remote working during the Coronavirus pandemic over the past two years.

Only 34 percent of Brits are required to use a password manager at work. Globally, that number (25 percent) is even lower.

In both cases, a majority (69 percent in the UK and 64 percent globally) of respondents believe workplaces should provide employees with a password manager to protect credentials.

“Despite the documented effectiveness and low cost of password managers, workplaces surprisingly often leave employees to figure password management out themselves,” concluded Crandell.

“Employers should pay heed to the fact that employees want to be protected,” said Bitwarden’s Crandell. “In addition to the desire for password management software, 83 percent of global respondents believe employers should provide security tools and training specifically for a remote work environment. Cybersecurity risks are only increasing, so the time to make these changes is now.”

That said, some tech giants are looking beyond passwords.

Last September Microsoft revealed it was moving away from password protection.

The software giant pointed out that in March 2021 it began to allow the passwordless sign in for commercial users.

But during the third quarter of 2021, Microsoft began to allow all users to completely remove the password from their Microsoft account and sign in via another verification solution.