A look at Password Health Scores around the world in 2022
Report: A Global Look at Password Health
Here’s a snapshot of global cybersecurity habits based on Dashlane’s unique algorithm—the Password Health Score.
Passwords are often the weak link in an organization’s or individual’s cybersecurity—in fact, for Basic Web Application Attacks (BWAA), over 80% of breaches can be attributed to stolen credentials.1 The average internet user has 240 online accounts that require a password. With the number of online accounts per person growing each year, it’s essential to include password security as part of your cybersecurity plan to protect yourself and your business from cybersecurity incidents and bad actors.
Our report measures the levels of password health by region to share the first-ever look at the global state of password security. With a strong emphasis on data privacy and fair reporting, here’s where each region stands as of 2022.
According to our findings, nearly 20% of passwords are compromised in North America, and globally, 51% of passwords are reused.2
To see your own score, download Dashlane for free. For more information, check out our in-depth explanation on what a Password Health Score is and why it’s important.
What we found
We found that the average Password Health Score for all of the regions was between 69 and 77, which means all regions fit within the “Needs Improvement” range. Let’s zoom in to see how each region measures up.
Password Health Scores by region
|Password Health Scores data breakdown by region|
|Ranking||Region||Average Password Health Score|
|5||Southern & Eastern Africa||72.3|
|9||Middle East & Central Asia||71.5|
|13||Northern & Western Africa||70.8|
Password Health Scores explained
Dashlane created the Password Health Score methodology to help users measure the state of their password security, improve upon weaknesses, and monitor their progress over time. Dashlane identifies vulnerabilities, prioritizes your most critical accounts (like banking, email, and social media), and gives you quick tips on securing your safety gaps.
An ideal Password Health Score—for both individuals and organizations—is above 90.
Dashlane generates Password Health Scores using an algorithm that works silently in the background of each user’s Dashlane account. It understands and reports where your weaknesses and strengths lie, login-wise, by using four key metrics:
# of compromised passwords
If a password is impacted by a public or private data breach or found on the dark web using our Dark Web Monitoring tool, it’s compromised. We also dock points for passwords that are similar to any compromised passwords.
# of reused passwords
A reused password is the same or similar to a password from a different account. If one account gets breached, all of your accounts with that same password are at risk. The more reused passwords, the lower your Password Health Score.
We measure individual password strength using the zxcvbn score, which is the methodology behind most password strength meters you see when you create a password for a new account.
Our dashboard includes a separate tab for passwords that can be excluded from the Password Health Score but still be stored securely. This is because not all passwords are a good measure of password health. Some logins have tight restrictions that are out of the user’s control, such as smartphone passcodes or WiFi passwords.
A checklist for improving your password health
Adopt a password manager.
To fully understand your password health, you need a password manager like Dashlane to audit your logins and show you where your password vulnerabilities lie.
Replace passwords that have been reused or compromised.
Use our in-app password manager to identify reused or compromised passwords and replace them with new, strong, and unique ones using our Password Generator. Dashlane shows you exactly which accounts are at risk.
Create a culture of security.
Whether you’re at your office or in your home, take ownership of your privacy by creating a culture of security awareness. Enable yourself and the people around you to make smart decisions about their data using the right tools and methods.
Use tools that make cybersecurity simple.
Make the best of your password manager by employing systems like 2-factor authentication (2FA) and single sign-on (SSO) to make the login process safe and simple for everyone.
For the creation of this report, regional scores have been computed using anonymous data from both Dashlane business and personal users.
For each region, we computed the average and the median Password Health Score among the thousands of users in that region.
Together with the hundreds of millions of data points, several factors went into consideration to reduce bias in the results.
For example, we have excluded users who created their accounts recently since they may have imported several passwords that they have not secured yet. However, this doesn’t make any difference in the results.
We included all countries of the world and grouped them into key regions. We created regions populated by high enough volumes of Dashlane users so that we can ensure proper sampling of the population. For example, having a significant enough volume of users in each region enables us to reduce bias so that we ensure a consistent breakdown of B2B/B2C users across regions.
In the analysis, together with the median and average, we looked at the distribution of security scores across regions, for example, the share of users with a score above 80 in Northern Europe vs. other regions. These more granular numbers told us the same story of nuances of security across regions. In the end, we picked the average as the best compromise between relevancy and readability.
Analyzing the components of the score, we found that the amount of password reuse and password weakness is fairly similar across the world. On the other hand, the number of compromised passwords varies greatly and plays a big role in the differences we observe between regions.
Privacy & security
Dashlane did not collect “personal data” from its users in creating this report.
The data in this report is “anonymous data” aggregated using IP address information without the last four digits to determine location. “Anonymous Data” means data that, alone or combined with other information available to us or a third party with whom the data is shared, does not permit the identification of an individual.
Because of our zero-knowledge architecture, we do not and cannot know what information users store on the Services (“Secured Data”).
- Verizon’s 2022 Data Breach Investigations Report, 2022
- A Global Look At Password Health, Dashlane, 2022