As more aspects of our lives migrate to the cloud, securing personal accounts has become increasingly important and exponentially more challenging. Phishing scams, hackers, breaches, and malware present grave threats to critical data.
Online passwords are a formidable safeguard when used correctly, but best password practices are too rarely employed. Such reckless behavior contributed to a doubling of identity theft between 2019 and 2020.
Our experts recommend using passwords managers (also known as “password vaults”) to coordinate logins and improve personal digital security. These applications can generate complex codes, encrypt them for safe storage, autofill them online, and send alerts when credentials are corrupted. Unfortunately, they have not completely caught on with the public. According to our team's research, 4 out of 5 American adults are not using these protective platforms, while millions are open to adoption.
Key findings from our research:
- One in five Americans currently use a password manager. This equates to an estimated 45 million people.
- Nearly one-third of Americans had their identity or online credentials stolen in the past year, with another 13 percent unsure whether they’d been hacked. Among those who suffered a password or identity theft, only 10 percent were using a password manager at the time.
- Those who rely on their memory to manage their passwords are twice as likely to have their credentials or identity stolen as those who use password storage tools.
- More than two-thirds of those who don’t currently use password managers, or approximately 128 million people, would consider getting one in the future.
Password Managers Are Secure but Underutilized
Our annual cybercrime report documented a rise in internet offenses corresponding to the pandemic’s increased online activity. Our password manager research demonstrates that impact at a personal level: at least 29 percent of Americans had their identity or online credentials stolen in the past twelve months alone.
Ninety percent of these violations occurred among victims without password manager software. Overall, standard memorization remains the most popular way to keep track of online passwords, followed by an assortment of other low-tech approaches.
How do you manage or store your online account passwords? | |
---|---|
Memorization | 41% |
Written on paper | 30% |
Saved in my browser | 24% |
Saved in a digital note file | 23% |
Reuse the same few passwords | 20% |
Password manager | 20% |
* Multiple responses permitted |
Password managers may not be popular, but proved effective: around 1 in 6 vault users suffered a theft or a breach, less than half the rate of most other methods.
Password storage method | Percentage who experienced identity theft in past year | |
---|---|---|
Saved in a digital note file | 35% | |
Reuse the same few passwords | 35% | |
Memorization | 31% | |
Saved in my browser | 30% | |
Written on paper | 28% | |
Password manager | 16% | |
* Multiple methods permitted |
To reconcile the infrequent use of password managers in an environment requiring added security, we dug deeper into public attitudes about them.
Password Manager Clients Embrace Convenience, Skeptics Question Security
Nearly all password manager users employ the applications to manage their personal logins, and almost half also enlist them for work. Additionally, people are using them on a variety of devices, not just on their computers.
On which devices do you use password managers? | |
---|---|
Mobile phone | 77% |
Laptop or desktop computer | 75% |
Tablet | 46% |
Other | 2% |
LastPass was the most popular service among respondents, with nearly double the nearest competitor's users, but an assortment of providers were named.
Which password manager do you mainly use? | |
---|---|
LastPass | 21% |
Keeper | 10% |
McAfee True Key | 8% |
Bitwarden | 8% |
Google Chrome password manager | 8% |
Apple Keychain password manager | 7% |
1Password | 7% |
Dashlane | 7% |
Norton | 3% |
NordPass | 3% |
Password Boss | 2% |
Sticky Password | 1% |
RoboForm | 1% |
Other brands | 15% |
The most cited reasons for turning to password managers emphasized their most notable strengths: generating, storing, organizing, and encrypting numerous complex codes across multiple platforms.
Main reasons people use password managers | |
---|---|
Can’t remember all my passwords | 71% |
Apply logins across different devices | 51% |
Generate/save complex passwords | 45% |
Manage apps with multiple logins | 38% |
Password encryption | 34% |
Ease of one master password | 24% |
* Multiple responses permitted |
The primary reasons for not using a password manager were rooted more in unfamiliarity than fact.
Main reasons people don’t use password managers | |
---|---|
Don’t believe they’re secure | 71% |
Not sure I need one | 51% |
Don’t know how they work | 45% |
Cost too much | 38% |
Difficult to set up | 34% |
* Multiple responses permitted |
Respondents without password managers were most worried about vault security, presumably unaware that data encryption keeps passwords protected even in the rare case of a breach. Other concerns included difficulty of use (though most offer user-friendly apps and browser extensions) and cost (although 61 percent of users said they used a free service).
If these issues are addressed, password manager use is likely to expand – most of those who don’t currently use a password vault are willing to try them.
Would you consider using a password manager in the future? | |
---|---|
Yes | 69% |
No | 31% |
Ultimately, personal exposure may be required to drive broader adoption. Nearly half (46 percent) of those willing to consider a password vault had a credential potentially stolen in the past 12 months, compared to only 32 percent of those stating they'll never use one. Additionally, 13 percent of current password manager users signed up after suffering a recent theft.
As victimization unfortunately rises, so may the motivation to take appropriate precautions.
Password Managers Alone Can’t Guarantee Safety
Password managers are effective tools that provide convenience along with security, but they are not a cure-all against hackers.
Vaults promote good password hygiene, yet users must diligently follow the guidelines: stick to randomly generated complex codes, don’t store logins outside the vault, don’t share passwords or save them on shared machines, enable two-factor authentication, change credentials promptly when notified of corruption, and never reuse or recycle the same passwords – especially for your master password.
Password managers encrypt credentials online and require an offline master password for access. It’s important to keep this password safe and different from any code you’ve used before. We found that nearly 1 in 5 password manager users had recycled their master password, undermining the strength of the vault.
How did you create your master password? | |
---|---|
Unique login | 81% |
Reused previous login | 19% |
Even with perfect password practices and a secure vault, credentials can be stolen via third-party data breaches (like a hack against a retailer, service, or credit agency). These corporate attacks have also escalated this year, but a password manager that empowers unique codes minimizes the danger when one login is taken.
Final Thoughts
In a world where sophisticated cybercriminals deploy algorithms and other advanced hacking tools, it’s reckless to rely upon old-fashioned security, especially with so much at stake.
Our personal, professional, and financial information lives behind passwords that 60 percent of Americans track with their memory or paper notes. The Password Manager and Vault 2021 Annual Report shows that 45 million Americans use encrypted password managers. The other two-thirds, or 128 million people, who don’t use these password managers are open to using one in the future.
Password managers are a simple, affordable, encrypted method to generate and monitor secure keys, but only one in five Americans use them. Still, the lack of password manager adoption directly contributes to increasing identity theft rates. Most holdouts would consider signing up for a vault but have reservations concerning need, cost, security, and complexity. With a better understanding of these applications, perhaps more citizens will sign up as users before being numbered as victims.
Survey results show us that while these password managers aren’t widely adopted, they’re incredibly effective for the people who do use them. To safeguard your information, we suggest using a password manager. The more popular they become, the easier it will be for people to understand and trust them. It’s up to the public to normalize these security tools so that more people can be protected online.
FAQs
What does a password manager do?
A password manager stores your passwords. This makes using unique and hard-to-guess passwords easier, taking the memorizing out of the equation. All you need to remember is the “master” password to access all your other passwords.
Is it a good idea to use a password manager?
Password managers are always a great idea to use as they offer secure password management. They also have advanced security protocols in place to ensure your passwords are protected. Those who don’t use password managers are also more at risk of data breaches and hacks.
Where is the safest place to store passwords?
One of the safest places to store passwords is a password manager. For the master password of your password manager, we recommend memorizing it.
Do you have to pay for a password manager?
This will vary. However, the best password managers will require paid subscriptions.
Do iPhones have a password manager?
iCloud Keychain is a password manager built into your Apple devices.
Methodology
In November 2021, we conducted an online survey to ask 1,077 American adults about their personal experience with cybercrime, their methods of password tracking, and their opinions of password manager applications. The respondents were representative of the American population based on gender, age, and race.