79% of Gen Z admit password reuse is risky, yet 59% recycle an existing password when updating accounts with companies that disclose data breaches

Key Takeaways:

• 79% of Gen Z believe reusing the same password across multiple accounts is risky; however, 72% still admit to doing so.
• 59% of Gen Z reuse an existing password even when updating an account with a company that has recently had a data breach.
• Nearly half (44%) of Gen Z changed a streaming service password to remove account access for a family member or friend following an emotional response to something they said or did.
• A quarter (25%) of Gen Z often or always rely on the password reset function to access an account when they’ve forgotten their password, compared to 11% of Boomers and 17% of Gen X.

SANTA BARBARA, Calif.: Bitwarden, the trusted leader in password, passkey, and secrets management, today announced results from its fifth annual World Password Day survey ahead of World Password Day on May 1, 2025. The global study surveyed more than 2,300 working adults across the United States, the United Kingdom, Australia, France, Germany, and Japan. The findings shed light on generational trends in password habits and ongoing gaps in online security behavior.

The dangers of password fatigue and reuse

Across all surveyed generations, Gen Z reports the highest incidence of password reuse, with 72% admitting they recycle credentials. This stands in contrast to 42% of Boomers who report doing the same. The disconnect is significant, especially with 79% of Gen Z respondents admitting that they believe password reuse is risky. 59% of Gen Z also admit to reusing an existing password when updating an account with a company that has experienced a data breach, compared to just 23% of Boomers. 35% of Gen Z respondents revealed they never or rarely update passwords after a data breach at a company with which they have an account. Only 10% reported that they always update compromised passwords.

Gen Z is often regarded as the most digitally native generation. According to the findings, that same exposure likely contributes to password fatigue.

• 72% of both Gen Z and Millennial respondents estimate they have fewer than 25 unique passwords.
• 38% of Gen Z and 31% of Millennials report changing only a single character or reusing an existing password when prompted to update a credential.
• 30% of Gen Z often or always forget passwords to important accounts.
• Even more telling, 55% of all respondents have abandoned logging into an account entirely or created a new one just to avoid the hassle of resetting a password.

Relying on MFA to offset risky password habits?

Over 80% of Gen Z and Millennials report that they are at least somewhat likely to enable multi-factor authentication (MFA) when it isn’t required, compared to just 51% of Boomers. This suggests that younger generations may be compensating for weak password habits, such as password reuse, by relying on MFA as a security safety net. While MFA is a valuable layer of protection, it should not be seen as a substitute for strong, unique passwords. If the first factor, the password, is weak or compromised, the account remains vulnerable – especially when MFA is enabled via SMS, which is susceptible to interception and SIM swapping attacks.

When password habits get personal

Passwords can reflect more than just online security habits. They can reveal the nature of interpersonal behaviors. Nearly half of Gen Z (44%) say they’ve changed a streaming service password to remove access from a family member or friend as an emotional response to something they said or did. This points to how digital boundaries and credential ownership are increasingly shaped by relationships and personal decisions, particularly among younger generations who are more likely to share access to online platforms.

Stress related to password management also varies across age groups. Despite growing up online, 62% of Gen Z report some level of stress when it comes to managing passwords. This further underscores the overwhelming nature of password fatigue for digital natives, especially when security habits must be maintained across dozens of accounts.

Generational credential sharing and persistent risks

Gen Z is the most likely generation to use password management software (46%). However, insecure sharing habits persist. One in four (25%) Gen Z respondents share passwords by including them in the body of a text, while 19% send screenshots of their credentials, and 19% share them verbally. Only 13% report using a password manager to securely share sensitive login information, highlighting a disconnect between how passwords are stored and how they’re shared.

In contrast, 67% of Boomers say they don’t share passwords at all, and only 7% resort to text-based sharing. These patterns suggest that although younger generations are adopting modern password tools, risky interpersonal behaviors continue to undermine security best practices.

Gen X: The overlooked knowledge gap

Although Gen Z displays signs of fatigue and risk-taking, Gen X – a generation that sits between analog and digital technology adoption – reveals a different challenge: low confidence in credential management. Just one-third of Gen X respondents (33%) say they use a password manager, trailing behind Millennials (39%) and Gen Z (46%).

Notably, Gen X is more likely to admit they don’t trust or know how to set up a password manager (21%), even though they are in the prime of their careers and often hold leadership roles. Despite a general awareness of security risks, the contrast of security habits by Gen X respondents suggests a missed opportunity for education and enablement, particularly for a generation that influences both workplace and personal security behaviors and policies.

To read through the full report and findings, please click here.

Survey Methodology

This was an online survey of 2,391 employed adults fielded from March 14 to March 20, 2025. Respondents were from Australia, France, Germany, Japan, the United Kingdom, and the United States, ranging from being employed both full and part time. Responses by country: Australia (16%), France (16%), Germany (16%), Japan (15%), the United Kingdom (16%), and the United States (21%).

About Bitwarden:

Bitwarden equips enterprises and individuals with the power to securely manage and share information online with trusted open source security solutions. With a password manager for everyone, users can easily manage their entire online identity anywhere. Bitwarden Secrets Manager and Passwordless.dev enhance developer secrets security and streamline passkey development for end users and workforce authentication. Founded in 2016, Bitwarden serves over 50,000 businesses and more than 10 million users worldwide across 180 countries in 50+ languages. The company is headquartered in Santa Barbara, California. Learn more at bitwarden.com.

Fonte: Business Wire