Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn More
All of us, at some point or other, have forgotten a password and needed a reminder. One study suggests the reason for this could be that we’re each juggling a huge 100 passwords across various sites and services.
The study, commissioned by NordPass, found that the average number of passwords has actually increased in recent years, with the global pandemic potentially to blame, as more of us sought out new entertainment and services online.
The best way to manage this centum of passwords is with a password manager — here, we explain how.
How Many Passwords Should the Average Person Remember?
All of us have many passwords to manage on a daily basis. Across retail websites, email, social media and other services, we’re all too familiar with the sheer wealth of login details that we have to juggle. The coterie of researchers at NordPass confirms what we’ve long suspected, although the huge number of passwords the average person is expected to remember — 100 — may still shock some.
According to the research, the number actually increased 25% between 2019 and 2020, when compared with a similar poll which placed the average number of passwords at 70 to 80.
“We now partly understand why people use easy-to-guess passwords — they simply have too many to remember. So, it’s hardly surprising that people use either very simple passwords or have a few and reuse them for all accounts” -Nord Security Expert
One reason for this could be the global pandemic, which forced many people to use more services online, generating new accounts in the process.
Respondents stated that they had downloaded more leisure and productivity apps since 2020, such as planners and calendars, as well as new work services, as necessitated by the move to working from home for many.
What Makes a Good Password?
A good password should, first and foremost, be an original one. It’s all too easy to simply use the same password for multiple sites and services – after all, you’re more likely to remember it, especially if you’re managing the average 100 passwords. However, the obvious danger here is that if one of your accounts is compromised, then they all are. So, remember, create an original password for each service you use.
Another pitfall to be aware of is that many people use similar passwords. According to research, again by NordVPN, lots of us are using very obvious passwords, that are all too simple to crack. Think you’re being smart by using a keyboard pattern instead of a word? You’re not as genius as you may think.
The list put together by NordPass of the most common passwords of 2022 is shocking — if only because you might recognize some of your own on there! Examples, such as 123456, abc123, iloveyou, football, qwerty and guest, could all be cracked in seconds. It’s much better to actually put some time into your password creation and think of something that’s genuinely unique, memorable, and robust.
Password Best Practice
Okay, so 100 passwords is too many to remember. But you can’t just use the same one everywhere. So what should you do? Here are our top tips.
1. Have a different password for every account
What’s the number of passwords that the average person is still able to remember, but any risk of leaked information is mitigated? Bad news: there isn’t one.
The one truly safe solution is to have a different password for each and every account. If you have 100 accounts, 100 passwords really is the safest move. This is because hackers can find any online accounts tied to your email address, and will immediately try reusing any password across all your accounts.
Good news: you don’t have to remember them all. More on that in a bit.
2. Use long, secure passphrases
A strong password should have 12 or more characters and a mix of upper case letters, lower case letters, numbers, and symbols. Nearly 30% of all passwords are eight characters, while almost 20% more are six characters long. But when it comes to uncrackable logins, you’ll want at least 12. Using a passphrase can help you to achieve a secure length.
If you’re unsure if your password is strong or not, there are tools you can use to test your password strength.
3. Avoid sensitive and guessable information
Don’t use your own personal information in a password, like your name, birthday, or your pet’s name, and try to avoid typical capitalizations, such as capitalizing the first letter. This will help to keep your password from being guessed, and avoid giving away further information that can be used to compromise your online security elsewhere, if an account is hacked.
4. Regularly update your passwords
There’s also the matter of how often to change your password. Again, the typical person doesn’t have much of a protocol in place: Just 31.3% of internet users will create new passwords “once or twice a year,” according to the Digital Guardian, a data loss prevention software company.
But the longer a password is in use, the more likely it has been leaked in a massive data breach — such as Collection 1-5, the name of a breach which exposed 2.2 billion unique emails and passwords back in January 2019. Yes, that’s billion with a B.
5. Use a password manager
A password manager is a software solution that logs all your passwords, and automatically fills them in when you visit a secure website or app login page. With this tool, you can use one main password to access all your other passwords and personal information. As long as you follow best practices with that core password, you’ll remain secure without needing to remember 100 different pass phrases.
6. Use two-step authentication
Two-step (or “two-factor”) authentication refers to a process that makes users sign in with two different forms of authentication before they are verified. A common example is using your smartphone SMS to receive a text with a second code even after you’ve entered a password. This makes it much less likely that a hacker can access your account, since the hacker would have to physically steal your phone as well as virtually steal your password.
Read our guide on creating a secure password
How to Remember All Your Passwords
If you just keep all your passwords in your head, you’re in the majority: 53% of people rely entirely on their own memory to keep track of passwords, a Ponemon Institute study shows.
The most common memorization strategy is the same one that NordPass warns against: Reusing passwords over and over. Perhaps unsurprisingly, that same Ponemon study found that a similar percentage (51%) of the population reuse the same passwords across work and personal accounts, further muddying the waters of online security. The younger generation isn’t any more tech savvy than the rest, either, with a whopping 76% of those between the ages of 18 and 24 likely to reuse a password, the Digital Guardian finds.
Perhaps their worrying keeps those passwords in mind: One more study, from Avast, determined that nine out of ten people are afraid their passwords are vulnerable to attack, with 46% reportedly “very concerned” and another 44% keeping it down to just “a little concerned.”
There’s only one good method for remembering the dozens and dozens of passwords an internet user needs to track these days, and it’s the simple password management tool, as we highlighted in our best practice tips, above.
Should I Use a Password Manager?
Simply put, yes. It’s something that we’ve always preached at Tech.co, but given this insight from Nord about the sheer volume of passwords that we’re all struggling to manage, it seems more necessary now than ever.
The benefits of a password manager are numerous. The most obvious is that they keep all your passwords in one place, and can automatically fill them in for you, without you having to wrack your brain to remember what password you created for your ten-year-old social media account. However, that’s just the tip of the iceberg.
Password managers can also create passwords for you, with the benefit being that they will be strong and secure – more so than if you had created them yourself. Not only that, but some services will actually monitor the web and alert you as soon as your details are compromised through a breach or hack, allowing you to change your password immediately, to mitigate any damage.
Best of all, password managers are not expensive. They amount to a few bucks a month, and for peace of mind, that’s great value. If you’re looking to make your online experience more secure, whilst at the same time removing the stress of remembering 100 passwords from your life, check out our password manager recommendations.
Local Storage Option | Two-Factor Authentication | Failsafe Function | Password Generator Function A password manager can create secure, complex passwords for you. You won't need to remember them yourself. | Help Instructions | Email Support | Live Chat Support | Phone Support | Price | Business Plan? | Business Price Cheapest available business plan | Click to Try | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
FEATURED | TOP PICK | ||||||||||||
NordPass | LastPass | Dashlane | Sticky Password | ||||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| | | | | |||||||||
| $3/month | $4.99/month | $3.33/month | ||||||||||
| | | | | |||||||||
$19.95/10 users | $3/user/month | $60/user | $29.99/user | ||||||||||
Try 1Password | Try NordPass | Try LastPass | Try Dashlane | Sticky Password |
FAQs
If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps Tech.co to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on Tech.co cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored’ table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page