How global password practices are changing
Password health and hygiene improved globally over the past year, reducing the risk of account takeover for consumers and businesses, according to Dashlane.
Password reuse remains prevalent, however, leaving user accounts particularly vulnerable to password-spraying attacks if they’re not protected by strong multi-factor authentication (MFA).
Password health and hygiene improve across the board
According to the report, the average Password Health Score was between 70.9 (Northern America) and 78.2 (Eastern Europe). While each region fell within the “Needs Improvement” range (a score between 60 and 90), all regions did improve their scores by an average of nearly two points in the past year. This is due to a decrease in the number of weak, reused and compromised passwords in every region.
“It’s encouraging to see that people are de-risking their digital lives by improving their password health across-the-board,” said John Bennett, CEO at Dashlane. “The incremental improvements we’re seeing can have an outsized impact on reducing risk for users and their employers, especially from opportunistic, wide-net attacks.”
Recent password-spraying-style attacks that leverage compromised credentials, such as those against 23andMe accounts, illustrate the increased risk and greater exposure that come from password reuse.
Dashlane found that each of the 14 regions included in the report has a share of 44% or more reused passwords, which puts all their accounts at higher risk. Regardless of whether or not a user’s passwords are strong, a reused password can have a domino effect: If one account is compromised, they could all fall down, especially without MFA.
The report found that the average user has an overwhelming 227 accounts that require a password, making it unrealistic to expect anyone not using a password manager to be able to adequately secure and manage their digital lives.
“As more of our lives are online, password sprawl increasingly becomes a major issue that Dashlane can help alleviate,” said Donald Hasson, CPO at Dashlane. “As we work to replace the password with a more secure and user-friendly option like passkeys, we need to continue to focus on getting the basics right, like ensuring good password hygiene coupled with strong multi-factor authentication.”
Passkeys can’t come soon enough
The fastest way to boost password health and hygiene is to transition to passkeys — a secure, easy-to-use, and phishing-resistant replacement for passwords. Passkeys don’t need to be remembered by users, since they are automatically available directly from the user’s device or password manager.
“The passkey is the most consequential security advancement in decades because it makes the easiest path the most secure for everyday users on a global scale,” said Bennett. “In security, it is rare to have an innovation that is more secure and easier to use. Passkeys give you both, not to mention the benefits they’re going to have for businesses in terms of reducing risk and damage caused by breaches.”