Exclusive: most people still reuse their passwords despite years of hacking

The results are in for our exclusive password manager survey in partnership with OnePulse, and we've uncovered a few surprises.

As we all accumulate an ever-increasing number of digital accounts, password security is more important than ever. With the advent of password generators and multifactor authentication, attempts are being made to make our online world both safer and more convenient.

However, it seems that, for whatever reason, many people still aren’t fully on board and remain tethered to the old ways of password management.

The results

In a hardly surprising answer, over 60% stated that they reuse passwords across multiple accounts. Most did so because they couldn’t be bothered to remember multiple ones (40%), and others didn’t feel as if they were in danger of being hacked (27%). Only 33% said that they didn’t reuse passwords. 

Despite the ease of using password generators in today’s online world, a staggering 65% still opted to create their own passwords. Perhaps they are not aware of generators, or don't trust them; or maybe they worry that generated passwords are too complex to memorize, so they would be locked out of their accounts if they ever lost access to their saved passwords.

Whatever the reasons, it was the most clear-cut result in our survey. Perhaps we shouldn’t be too surprised given that most people don’t use password managers either.

Of those that did use a generator, most used the one integrated with their browser (15%), whilst others used an online generator (13%) and only a small minority used one from another source (6%).

People’s diligence seemed to vary when it came to crossovers between work and personal passwords: 34% said that they don’t share multiple passwords between the two, and 30% said they sometimes did. Around 20% each said that they often or always did.

Password advice

One of the foremost experts on good password practice is Bill Burr, who wrote an influential manual on the topic published by the US National Institute of Standards and Technology (NIST) in 2003. It extolled the virtues of creating passwords that are as random as possible and changing them regularly. Many websites subsequently required passwords based on his criteria.

The problem is that in practice, as people gathered more and more accounts, they naturally resorted to more simplistic passwords. They would tweak them only slightly: perhaps if you put the number 1 at the end of your password for one login, you’d likely choose 2 for another, and so on.

Bill Burr came to regret his initial advice. Experts now recommend that when making your own password, using a random but memorable string of three words is better. According to analysis, such passwords are much harder to crack than those using a single word with a mix of numbers and special characters, as well as being easier to remember. 

Lewis Maddison
Staff Writer
