Cyberattacks pose threats to businesses and individuals on a global scale. The cost of breaches has steadily risen over the past three years, averaging $4.45M for organizations across the world.
As 80% of hacking-related breaches were caused by weak, stolen, or reused passwords in 2023, strong passwords are critical in defending against cyberattacks. Threat actors often rely on the human element—exploiting human error to obtain credentials through social engineering, like phishing scams and business email compromise (BEC) attacks, leading to financial fraud and identity theft.
The average internet user has 227 accounts requiring a password. That's a lot of logins to remember, which is why users without a solid password management strategy typically opt for reusing or repurposing existing passwords. Password-conscious folks, however, know that every reused password provides an opportunity for cybercriminals to find their way in. By updating passwords in the event of a breach and using strong, unique passwords for each of your accounts, you can better prevent threat actors from gaining unauthorized access.
To understand the global outlook of breaches and hacks, we gathered anonymous data on password health from Dashlane users, which we analyzed through our algorithm, the Password Health score. While password health for all regions remains in the “Needs Improvement” range in 2023, password health did improve overall from 2022.
Here are the insights from our 2023 Global Password Health score Report, including which regions are leading the charge in good password health and where individuals and businesses should focus their attention to improve their scores.
How did the Password Health score for each region measure up in 2023?
According to our report, the average Password Health score for 2023 was between 70.9 (North America) and 78.2 (Eastern Europe). These scores fall at the higher end of the “Needs Improvement” range. Though a score of 90 or higher is ideal, all regions did, in fact, improve their scores by an average of nearly 2 points since our 2022 report.
Here’s a breakdown of the most notable scores and improvements:
Superlatives by region
Highest Password Health Score: Eastern Europe
Lowest Password Health Score: North America
Most Improved: South Asia
Least Improved: East Asia
Least % Reused Passwords: Northern Europe
Highest % Reused Passwords: North & West Africa
Lowest % Weak Passwords: South Asia
Highest % Weak Passwords: North America / Oceania
Least % Compromised Passwords: North & West Africa
Highest % Compromised Passwords: North America
As noted, North America has the greatest amount of compromised passwords compared with other regions, as well as the lowest password health scores. A report by cybersecurity company Surfshark found that North America has experienced the most breaches in the first half of 2023, so that would likely explain this high compromise rate.
While the U.S., which makes up most of the North American score, ranks high in the Global Security Index (GSI), the surge in remote work over the past few years and the frequent use of third-party vendors based in other nations may make the country more susceptible to breaches. Additionally, the global positioning and financial standing of the United States make it a target for hackers.
Password Health scores improved overall
Password Health scores of each region improved since last year, and the percentage of weak, reused, or compromised passwords decreased for each region.
Eastern Europe remained in the top position for overall Password Health score, while South Asia improved the most since last year, raising their score by 2.4 points. The regions of South America and North & West Africa tied in decreasing their share of weak passwords by 6% since 2022.
With Dashlane, users are able to monitor the progress of their Password Health score over time. In the Dashlane app, users can see each reused, weak, or compromised password that is affecting their Password Health score and take immediate action to replace them with a strong alternative. You’ll see your score rise instantly as you update each password.
Still, password reuse is rampant in every region
Our analysis found that each of the 14 regions has a share of 44% or more reused passwords, which puts accounts at high risk. Regardless of whether or not your passwords are strong, a reused password can have a domino effect: If one account is compromised, they could all fall down, especially if you’re not using added security like multi-factor authentication (MFA).
If you use a password management solution like Dashlane, you can see whether your password has already been used for another account and quickly generate a new, unique password in its place.
Here’s a rundown of Dashlane’s Password Health score algorithm and how it works.
What is the Password Health score?
Dashlane’s Password Health score offers a holistic look at your password health. The algorithm takes several factors into account and can be assessed on an individual level as well as across an entire organization.
Here are the metrics that contribute to your overall Password Health score:
- The number of compromised passwords in your Dashlane vault
Passwords are considered compromised if they’ve been exposed during a data breach. Your Password Health score loses points for passwords found by Dashlane’s Dark Web Monitoring tool, which constantly scans the dark web for exposed credentials. Your score also goes down if you have passwords that are the same as or similar to those compromised. The tool notifies you of any exposed credentials found, so you can take immediate action to update them.
- The number of reused passwords in your account
Healthy passwords are unique. If you reuse the same password for multiple accounts, threat actors may be able to access each of those accounts with just one set of stolen or compromised credentials. Hackers have many methods to gain unauthorized access to accounts, including credential stuffing, in which they use previously exposed username and password combinations and test them on different platforms.
- The strength of your passwords
For your Password Health score, the strength of your passwords is measured by Dashlane’s built-in zxcvbn algorithm. Put simply, the algorithm analyzes the characters in passwords to determine how long it would take a hacker to crack them by trying to match parts of each password to recognizable patterns. Strong passwords do not have predictable patterns, are 12 or more characters in length, and use a combination of numbers, letters, and special characters. Dashlane’s Password Generator can create passwords for you that follow this criteria.
- Omitting certain passwords for better accuracy
Certain passwords, like WiFi passwords and smartphone codes, may be preset and beyond your control. You can easily exclude these passwords from your Password Health score to ensure a more accurate score.
What’s a good Password Health score?
A Password Health score above 90 is ideal for individual users and organizations. A score between 60 and 90 falls in the “Needs Improvement” range and indicates that you should take action to update any weak or compromised passwords. Scores between 20 and 60 are considered “Poor”—if this is your score, update passwords as quickly as possible to mitigate the risk of a cyberattack.
Download the full 2023 Global Password Health Score Report to learn how we conducted our research, take a closer look at the scores for each region, see which countries improved the most in each category, and find a checklist for improving your own Password Health score.
Sign up to receive news and updates about Dashlane
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.
