Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have pervasively persisted. Today, nearly everyone has multiple forms of MFA for different applications and websites AND many, many passwords.
The average person has somewhere between three to seven unique passwords that they share among over 170 websites and services. Here are some related links to similar statistics:
- The average person has 19 passwords – but 1 in 3 don’t make them strong enough – Naked Security
- The average employee manages nearly 200 passwords – Dark Reading
- Password security habits survey results – Digital Guardian
- Average number of passwords per person – Answers.com
- The average business user has 191 passwords – Security Magazine
And, unfortunately, those passwords often get stolen or guessed. This is why I recommend the following password policy guide: