Dashlane: global password health and hygiene improving, but reuse increases risk

Nov. 2, 2023

NEW YORK -- A new report from credential management company Dashlane has found that password health and hygiene improved globally over the past year, reducing the risk of account takeover for consumers and businesses. Password reuse remains prevalent, however, leaving user accounts particularly vulnerable to password-spraying attacks if they’re not protected by strong multi-factor authentication (MFA).

The second annual Global Password Health Score Report details the password hygiene of Dashlane’s more than 19 million users and 22,000 customer organizations worldwide, based on aggregated, anonymized data. Report findings are based on the Password Health Score, calculated using Dashlane’s proprietary algorithm, which factors in the number of weak, reused/similar, and compromised passwords in each Dashlane user’s vault. Scores range from 20 to 100, with higher scores indicating greater health.

Password health and hygiene improve across the board

According to this year’s report, the average Password Health Score was between 70.9 (Northern America) and 78.2 (Eastern Europe). While each region fell within the “Needs Improvement” range (a score between 60 and 90), all regions improved their scores by an average of nearly two points in the past year. This is due to a decrease in the number of weak, reused and compromised passwords in every region.

“It’s encouraging to see that people are de-risking their digital lives by improving their password health across the board,” said John Bennett, Chief Executive Officer at Dashlane. “The incremental improvements we’re seeing can have an outsized impact on reducing risk for users and their employers, especially from opportunistic, wide-net attacks.”

Reuse remains rampant

Recent password-spraying style attacks that leverage compromised credentials, such as those against 23andMe accounts, illustrate the increased risk and greater exposure that comes from password reuse.

Dashlane found that each of the 14 regions included in the report has a share of 44 percent or more reused passwords, which puts all their accounts at higher risk. Regardless of whether or not a user’s passwords are strong, a reused password can have a domino effect: If one account is compromised, they could all fall down, especially without MFA.

With Dashlane, users can see whether their password has been compromised or reused and quickly generate a new, unique password in its place. The report found that the average user has an overwhelming 227 accounts that require a password, making it unrealistic to expect anyone not using a password manager to be able to adequately secure and manage their digital lives.

“As more of our lives are online, password sprawl increasingly becomes a major issue that Dashlane can help alleviate,” said Donald Hasson, Chief Product Officer at Dashlane. “As we work to replace the password with a more secure and user-friendly option like passkeys, we need to continue to focus on getting the basics right, like ensuring good password hygiene coupled with strong multi-factor authentication.”

Passkeys can’t come soon enough

The fastest way to boost password health and hygiene is to transition to passkeys — a secure, easy-to-use, and phishing-resistant replacement for passwords. Passkeys don't need to be remembered by users, since they are automatically available directly from the user’s device or password manager.

“The passkey is the most consequential security advancement in decades because it makes the easiest path the most secure for everyday users on a global scale,” said Bennett. “In security, it is rare to have an innovation that is more secure and easier to use. Passkeys give you both, not to mention the benefits they’re going to have for businesses in terms of reducing risk and damage caused by breaches.”

To aid users in their transition to passkeys, Dashlane launched Passkeys Directory, a community-driven resource that tracks and lists all sites that offer passkeys.

To download the Password Health Score report and find out what steps users can take to improve their score, please visit dashlane.com/resources/global-password-health-2023.