Gen Z Might Be the Worst at Passwords

But it's probably not their fault

  • A new study looks at the generational differences in password habits. 
  • The study shows that Gen Zers have worse password protection habits than any other generation before them. 
  • Experts say while having good password protection habits is a good thing, we should be working to create a passwordless world.
Thumb tapping a Password box on phone

Getty Images

A new study shows the differences in password habits among generations, and it looks like Gen Z needs to update their passwords every once in a while. 

The study published by Beyond Identity titled Password Faux Pas looks at password preferences and habits across generations. Experts say it might not be entirely Gen Zers’ fault that they are not good at password protection, since passwords are inherently unsafe for all. 

“Even after the numerous breaches and hacks we’ve seen these past few years, user vulnerabilities are still being exposed and passwords are stolen,” Sam Larson from Beyond Identity, told Lifewire in an email. 

"No matter what a user may do to improve their own habits, passwords will always be fundamentally flawed.”

What The Study Found

With younger generations growing up online, it’s easy to assume they’re more security-savvy. However, the study shows that the Gen Z population (born after 1996) is the most likely to reuse passwords and create a password with their personal information. They’re also less likely to update their passwords annually. 

The study shows that 47% of people say they’re very or extremely likely to reuse a password, with 24% of Gen Zers reporting they’re extremely likely to reuse one. The study also revealed that one in five people update their password less than once per year, including 31% of Gen Zers. 

In comparison, Gen Xers are more likely than any other generation to change their password at least once a year, followed by Millennials and Baby Boomers. 

Gen Zers also ranked as the worst in having a password for the longest time, as 40% said their oldest password was between 6-10 years old. The older generations’ percentages in that category were much lower, with Boomers at 13.7%, Gen X at 18%, and Millennials at 22.3%. 

Palm with "Pa55w0rd!" written on it in ink

Getty Images

So why is the youngest generation—the one who essentially grew up with the internet—so bad with their password habits? Larson said there are a few reasons for this. 

“They may think it can’t happen to them; someone hacking their account isn’t as severe as hacking the account of older generations, or the dreadful password ‘fatigue,’” he said. 

“Our study also found that 26% of people report their employer as the source for their password security habits, which targets older generations who have been in the workforce for far longer.”

Better Password Habits For All

The Gen Zers may be onto something, though. Larson said that passwords are fundamentally not secure, adding that we should get away from them as a society. 

“Passwordless authentication is becoming more and more commonplace and easier to implement as companies continue to move to cloud-based systems, and that is your best bet at securing users,” he said. 

“No amount of special characters or numbers is going to stop your password from being stolen if a hacker gets into the database.”

Tech companies already are slowly moving away from passwords, instead turning to the kind of biometric scanning Apple uses to unlock your phone or keyboard with Face ID or Touch ID. There are also simple ways to bypass a password, like having a link sent to your email to sign in or getting a one-time code sent to your phone via text. 

“No amount of special characters or numbers is going to stop your password from being stolen if a hacker gets into the database.”

However, right now, it appears we still need passwords for many of the sites we access daily. Larson said there are still ways to improve your protection habits, no matter what generation you are. 

“Short of passwordless authentication, a few tips for protection include not sharing your password, including with family members, especially if it’s a password you use often,” he said. 

Larson also advises using unique passwords for each account, updating passwords frequently (and especially after a reported breach), and always avoiding the use of publicly available information about yourself or the predictable “special characters,” such as “!” or the “@“.

Was this page helpful?