On Average, How Many Passwords do Employees Manage?

Passwords to Manage UsersAccording to the Last Pass Password Exposé report, an employee manages of about 200 passwords. Other industry reports often estimate the number of credentials used and put the figure closer to an average of 27 passwords per employee.

Which begs the question - based on multiple sources, how many passwords are managed by employees?

According to an infographic by Digital Guardian, for every one email address is an estimated 130 personal and work related accounts. 

Screen Shot 2020-11-11 at 11.29.47 AM

Source: Digital Guardian

Which calls out conflicting data - why are companies promoting that the an user manages multiple accounts? The real end-user does not need more than 20 or 30 passwords which is already way too much. That's why solutions such as single-sign products or password managers promote using their tools - because they want you to believe that your passwords are unmanageable to do manually.

However, companies and employees don't even get a complete solution by using single sign-on (SSO) technology, because more than 50% of the most popular websites and services, like Box, MailChimp, and LinkedIn, do not support SSO out of the box, the report states.

Password vaults with multi-factor authentication (MFA) are enabled in 26.5% of the organizations included in the report, a level that lacks broad enough adoption to offset the problems that enterprises face with passwords, according to the report. LastPass, in a report from last year, found that 91% of users were aware of the risks of reusing passwords, yet 61% continued with the practice.

While these tools are helpful by design they shouldn't be your organization's only line of defense. New-school security awareness training can help educate your users how to use strong passwords to avoid a potential attack. 

Are your user’s passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

wpt02Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews