Find the Best Password Manager for You Do you currently use a password manager? Get started with a secure password manager today

Password Security: Are You At Risk?

Could you be exposing your personal data to hackers? We uncover the common password and security mistakes made by Americans.

Unsecured passwords can lead to data breaches and ransomware attacks – potentially leave companies having to pay a fortune. New research provides a shocking insight into just how lax Americans’ passwords are, with one in every 142 passwords being the sequence, “12345”.  

This research comes just a week after President Trump’s Twitter account was easily hacked due to poor password habits. Victor Gevers, security researcher and chair of the Dutch Institute for Vulnerability Disclosure, recently revealed that he could access the Twitter account of the president, thanks to his easy-to-guess password, “maga2020!”. 

Cyber security is a huge concern for most modern business, and it’s only getting more troubling with remote workforces. So, let’s uncover the common mistakes Americans make with their passwords, and what solutions are available.

What Password Mistakes Are People Making?

When it comes to passwords, there’s usually a common set of mistakes that pop up. The first is predictability. With all our personal data being held online, you’d think we could come up with more inventive passwords to keep us safe. The reality, however, is that people are still very lazy with creating passwords.

A recent study showed that the most common password remains ‘123456’. In fact, on average, one in every 142 passwords is ‘123456’.

The other major issue that tends to occur is reusing passwords on multiple sites. As soon as hackers breach a database of credentials, all online accounts using the same password are compromised. And if your password is as predictable as ‘123456’, you’re at considerable risk.

How Predictable Are Your Passwords? asked 750 Americans to share their password strategies and security habits to see whether there were any recurring patterns in password issues. 

Here are the key findings:

  • 45% of Americans use passwords that are eight characters or less
  • 25% of Americans share their personal passwords with other people
  • 15% of Americans use strong password generators
  • 21% of Americans have used Trump or Biden as part of their password in 2020. More Americans use Trump (12%) than Biden (9%)
  • 14% use “COVID” in their password
  • 20% admit to dropping an f-bomb or other curse word as part of their passwords
example of weak password

The Consequences of Bad Passwords

The implications for bad password management get worse, still, when you consider how common it s for users to re-use the same passwords over and over across multiple accounts. Just one of those accounts being breached could put multiple logins at risk.

To give you an insight into the nightmarish world of poor-security management, NordVPN evaluated the highest-profile data breaches so far in 2020. Among these, the following data breaches lifted vast numbers of passwords: 

Zoom credentials hack – In the first week of April 2020, more than 500,000 stolen Zoom passwords were reported to be available for sale on the dark web. Some of the credentials were given away for free, while others were sold for as little as a penny each. The credentials each contained the username, password, registered email address, host key, and personal meeting URL. 

Marriott social engineering attack – In March 2020, the Marriott Hotel Group suffered a huge data breach, which compromised the records of 5.2 million hotel guests. Hackers were able to draw off the data of 5.2 million guests by hacking the user credentials belonging to just two members of Marriott’s staff. 

easyJet credential theft – The UK-based low-cost airline easyJet announced that cybercriminals had stolen data records of 9 million customers. With Europe’s strict GDPR rules, companies that breach data protection regulations could be in for some eye-watering penalties. The law firm PGMBM filed a class action lawsuit on behalf of the affected easyJet customers for $23 billion (£18bn).

How Can You Secure Your Passwords?

Ignorance truly is bliss. Although 91% of consumers agree that using the same password poses a security risk, roughly 66% of Americans use the same password anyway. 

So, really, our main solution is to listen to experts and change up our password habits. Below, we’ve listed a few basic rules to follow when it comes to cyber security:

  • Have long, strong passwords, with a mixture of numbers, letters, and special characters
  • Don’t reuse passwords across multiple sites
  • Store passwords securely –  let a password manager do the hard work for you
  • Use two-factor authentication
  • If a site you use has a data breach, change your password immediately, and check you’re not re-using that password and email combination on other sites 

This means you’re going to end up with a lot of passwords if you don’t reuse them, right? Well, that’s where password managers come in handy. A password manager can mitigate a lot of the stress and danger around exposed staff login details.

Luckily for you, we’ve tested the most popular password managers, and found 1Password to be the best, thanks to its extensive feature set, some tempting price plans, and easy to use interface. Dashlane comes in a close second, with global favourite LastPass not far behind.

0 out of 0
Local Storage Option
Two-Factor Authentication
Failsafe Function
Password Generator Function
A password manager can create secure, complex passwords for you. You won't need to remember them yourself.
Help Instructions
Email Support
Live Chat Support
Phone Support
Business Plan?
Business Price
Cheapest available business plan
Click to Try




Sticky Password





$19.95/10 users




Try 1Password Try NordPass Try LastPass Try Dashlane Sticky Password

Some tech companies are also trying to do their bit to help us with our password problems. In a recent blog post, Microsoft announced it has improved its compromise-detection capabilities to better defend against password spray attacks. 

According to the tech firm, their software uses machine learning to double the existing detection rate, while maintaining a 98% level of precision.

“Our data scientists started researching the use of these patterns and additional data to train a new supervised machine learning system incorporating IP reputation, unfamiliar sign-in properties, and other deviations in account behavior. The results of this research led to this month’s release of the new password spray risk detection.” – Alex Weinert, Microsoft Identity Division – Security and Protection Team

This new machine-learning detection is able to detect twice the number of compromised accounts of the previous algorithm.

So, there are plenty of steps we can all take to make sure our data is kept safe and sound. All you need to do now is change your habits – and steer clear of ‘123456’!

About our links

If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored’ table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Beth is a Writer for Having written on a variety of platforms over the years, she prides herself on an eclectic portfolio across multiple sites, and regularly covers articles on the latest environmental tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals