Password Security in 2025: Americans Are Still Making Critical Mistakes

Passwords are implicated in 85% of hacking-related breaches in 2025, according to the latest IBM Security Report. An alarming 52% of Americans reported having their password stolen in the past year, with 41% believing their password was compromised due to weakness, while 38% attribute the theft to password reuse across multiple platforms.

You weren't one of them? Lucky you. Maybe you don't use a password as ridiculous as "123456" or "Password" (which still rank among the top 10 most common passwords in 2025). But you may still be part of the majority of Americans who made common password security mistakes this year. If you are, you might not be so lucky next time.

Astonishingly, 47 percent—that's nearly half of us—shared personal passwords with other people at some point in 2025, without protection like a good password manager. That's just asking for trouble.

The above is just one of the fascinating insights from the latest cybersecurity report by CompariTech. Below are some of our favorites. Have you broken any of these rules? If you have, it's not too late to change your ways!

A Year in Numbers, Letters, and Special Characters

We're Drowning In Passwords

Forty-three percent of people now manage more than 30 passwords for their personal lives, and between 15 to 120 work passwords, depending on their industry and country, according to a 2025 Microsoft identity study.

Shockingly, 49% of people still rely on memory alone to manage their passwords, including passwords they use for work!

Unsurprisingly, our reliance on memory has resulted in 83% of us having to reset a personal password in the last 90 days, and over 62% have had to reset a work-related password in that same period. Resetting passwords is an annoying and time-consuming endeavor, with the average American spending 31 hours each year resetting passwords according to Forrester Research.

How does that play out at work? Roughly 53% of employees sometimes or frequently share passwords with colleagues, usually by email (55%) or messaging apps (27%). If you're concerned about your team's password management practices, maybe it's time to consider an alternative method like a password manager for teams.

We Reduce, Reuse, and Recycle

Thirty-seven percent of people use the same password across multiple accounts, with 18% using the same password for both work and personal accounts. On average, employees use the same password an astounding 16 times! Most people that do reuse passwords use the same password on at least five different accounts.

Who are the worst offenders? Millennials and Gen Z. 81% of millennials and 79% of Gen Z recycle their passwords according to a 2025 Pew Research study. Those in the 55+ age range are less likely to recycle their passwords and are more likely to use unique passwords for their online accounts.

If only we could get people to commit to recycling their recyclables!

We're Cursing More

It's been a challenging few years for many people, so perhaps Americans are expressing their frustrations through their password choices. Out of 3.1 billion unique passwords that were analyzed in a 2025 data breach compilation, 219,560,782 (about 7.1%) included curse words. Of those, the favorite curse word remains "ass," followed by "sex," with the f-bomb coming in a close third.

Recent linguistic research from Stanford University suggests that cursing has continued its upward trend since the 1950s, appearing more in music, books, social media, and, yes, even in our passwords.

Cybercriminals know this and will often use curses in their attempts to crack passwords with brute force attacks. So, if you curse in your passwords, you might want to keep it clean for your sake (and grandma's).

Our Passwords Are Hot, Hot, Hot

The most common season used in passwords is still "summer," with the top three months being "may," "june," and "august" respectively.

"Tokyo" has overtaken "Abu" (for Abu Dhabi) as the most widely used city in the world. "Austin" and "miami" now top the list of US cities.

For sports teams, the NBA's "Suns" and the NFL's "Chiefs" are the most widely used in passwords globally.

Maybe there's no correlation, but we don't believe in coincidences.

We Keep It Personal

Most people use personal information in their passwords to keep them memorable. 63% use their name or birthdate, according to a 2025 security survey by LastPass.

Which names are the most popular? Pets. That's right, 36% of respondents use a pet's name, whereas 19% use their first name, 17% use their last name, 12% use a child's name, and 9% use a parent's name. Spouses still don't make the list.

For humans, Eva and Alex continue to appear the most, both topping 9 million appearances, with Liam, Olivia, and Emma following behind.

Personal information should never be used in a password. Cybercriminals can scour the internet, collecting data about you to use in credential stuffing attacks.

We Like to Repeat Characters. Repeatedly.

Eight percent of people used a password with repeated characters in 2025. That means passwords like "aaaaa" and "eeeee." We're not sure why.

Repeating characters is NOT recommended. Including a variety of characters, including a mix of uppercase and lowercase, special characters (e.g., ! @, *, etc.), and numbers increase the number of possible combinations, which increases how long it would take to crack the password. Better yet, consider using a secure passphrase instead.

We Don't Like to Use Lots of Characters

Nearly 54% of Americans used passwords with just eight characters or fewer in 2025, according to Cybersecurity Ventures. But it gets worse. 29% of Americans used passwords with seven characters or fewer. (Just over 15 percent used longer, stronger passwords of 12 characters or more.)

What's the deal with length? In short, the longer the password is, the more difficult it is to crack. A six-character password can be cracked in minutes to hours, an 8-character password can be cracked in days to weeks of concentrated attempts, whereas it would take years to crack a 12-character password with even the most advanced tools available.

Improve Your Password Security

Now that hybrid and remote work has become the norm, the need for password security has never been greater. Not all the passwords on this list are bad, but there's no excuse for using fewer than twelve characters and sharing passwords with no protection. Plus, many of the passwords listed above are predictable, making it easier for hackers to guess them.

Here are some pro-tips:

1. Longer passwords are stronger passwords - aim for at least 12 characters!
2. Use a combination of numbers, letters, and special characters.
3. Consider using biometric authentication where available.
4. Implement multi-factor authentication for sensitive accounts.
5. And, perhaps, most importantly, use a password manager like TeamPassword.

Nineteen percent of Americans still don't employ any specific measures for password safety, according to Pew Research Center. Don't be one of them. TeamPassword is a simple and effective way to store and share passwords and team logins so you can keep business projects moving and protect your assets.

Click here to get TeamPassword.

Passwords are implicated in 81% of hacking-related breaches. According to Forbes, 46% percent of Americans reported having their password stolen in the past year, 35% believe that their password was compromised due to a weak password, while 30% attribute the theft to using the same password across multiple platforms. 

You weren't one of them? Lucky you. Maybe you don't use a password as ridiculous as "123456" or "Password" (believe us, plenty of people still use these). But you may still be part of the majority of Americans who made common password security mistakes in 2024. If you are, you might not be so lucky next time.

Astonishingly, 43 percent—that's nearly half of us—shared personal passwords with other people at some point this year. That's without protection like a good password manager, which is just asking for trouble. 

The above is just one of the fascinating insights from a report by the pro-consumer website comparitech.com. Below are some of our favorites. Have you broken any of these rules? If you have, it's not too late to change your ways!

A Year in Numbers, Letters, and Special Characters

We're Drowning In Passwords

Thirty-seven percent of people manage more than 20 passwords for their personal lives, and 10 to 97 work passwords, depending on their industry and country. 

Shockingly, 54% of people rely on memory alone to manage their passwords, including passwords they use for work! 

Unsurprisingly, our reliance on our memory for passwords has resulted in 78% of us having to reset a personal password in the last 90 days, and over half of us (57%) have had to reset a work-related password in that same time period. Resetting passwords is an annoying and time-consuming endeavor, with the average American spending 26 hours each year resetting passwords!

How does that play out at work? Roughly 50% of employees sometimes or frequently share passwords with colleagues, usually by email (53%). If you're concerned about your team's password management practices, maybe it's time to consider an alternative method. 

We Reduce, Reuse, and Recycle

Thirty-two percent of people use the same password across multiple accounts, with 14% using the same password for both work and personal accounts. On average, employees use the same password an average of 13 times! Most people that do reuse passwords, use the same password on at least four different accounts. 

Who are the worst offenders? Millenials. Seventy-six percent of millennials recycle their passwords. Those in the 50+ age range are less likely to recycle their passwords and are more likely to use unique passwords for their online accounts. 

If only we could get people to commit to recycling their recyclables! 

We're Cursing More

It's been a terrible few years for many people, so perhaps Americans are expressing their frustrations through their password choices. Out of 2.2 billion unique passwords that were analyzed, 152,933,335 (about 7%) included curse words. Of those, the favorite curse word, by far, was "ass," followed by "sex," and the f-bomb coming in a close third. 

What little research exists on swearing suggests that cursing has been on the rise linguistically since the 1950s, appearing more in music, books, and, yes, even in our passwords. 

Cybercriminals know this and will often use curses in their attempts to crack passwords. So, if you curse in your passwords, you might want to keep it clean for your sake (and grandma's).

Our Passwords Are Hot, Hot, Hot

The most common season used in passwords is "summer", with the top three months being "may," "june," and "august" respectively. 

"Abu" for Abu Dhabi is the most widely used city in the world. "Austin" and "antonio" are the top the list of US cities.

For sports teams, the NBA's "Suns" and "Heat" are the most widely used in passwords globally.

Maybe there's no correlation, but we don't believe in coincidences. 

We Keep It Personal

Most people use personal information in their passwords to keep them memorable. Fifty-nine percent use their name or birthdate. 

Which names are the most popular? Pets. That's right, 33% of respondents use a pet's name, whereas 18% use their first name, 16% use their last name, 11% use a friend's name, and 8% use a parent's name. Spouses didn't make the list. 

For humans, Eva and Alex appear the most, both topping 7 million appearances, with Anna, Max, and Ava following behind.

Personal information should never be used in a password. Cybercriminals can scour the internet, collecting data about you to use in a cyberattack.

We Like to Repeat Characters. Repeatedly.

Seven percent of people used a password with repeated characters in 2024. That means passwords like "aaaaa" and "eeeee." We're not sure why. 

Repeating characters is NOT recommended. Including a variety of characters, including a mix of uppercase and lowercase, special characters (e.g. ! @, *, etc.), and numbers increase the number of possible combinations, which increases how long it would take to crack the password. 

We Don't Like to Use Lots of Characters in Our Passwords

Nearly 60% of Americans used passwords with just eight characters or fewer in 2024. But it gets worse. One-third of Americans used passwords with seven characters or fewer. (Just over 10 percent used longer, stronger passwords of 12 characters or more.) 

What's the deal with length? In short, the longer the password is, the more difficult it is to crack. A six-character password can be cracked in minutes to hours, an 8-character password can be cracked in days to weeks of concentrated attempts, whereas it would take years to crack a 12-character password with even the most advanced tools available. 

Improve Your Password Security

Now that more of us are working from home, the need for password security has never been greater. Not all the passwords on this list are bad, but there's no excuse for using fewer than twelve characters and sharing passwords with no protection. Plus, many of the passwords listed above are predictable, making it easier for hackers to guess them. Here are some pro-tips:

• Longer passwords are stronger passwords - aim for at least 12 characters!
• Use a combination of numbers, letters, and special characters.
• And, perhaps, most importantly, use a password manager like TeamPassword. 

Twenty-two percent of Americans don't employ any specific measures for password safety! Don't be one of them. TeamPassword is a simple and effective way to store and share passwords and team logins so you can keep business projects moving and protect your assets. 

Click here to get TeamPassword!