Credentials
We've curated 148 cybersecurity statistics about credentials to help you understand how password management, multi-factor authentication, and the rise of phishing attacks are shaping the security landscape in 2025.
Showing 61-80 of 148 results
Among people familiar with passkeys, 54% consider them to be more convenient than passwords.
More than two thirds of users familiar with passkeys turn to them for simpler, safer sign-ins.
69% of consumers have enabled passkeys on at least one of their accounts.
Over 35% of people had at least one of their accounts compromised due to password vulnerabilities in the last year.
Among those who have used passkeys, 38% report enabling them whenever possible.
47% of consumers will abandon purchases if they have forgotten their password for that particular account.
Among people familiar with passkeys, 53% believe passkeys offer greater security than passwords.
76% of CIOs acknowledge the growth threat of credential leaks.
Among the roles most vulnerable to credential theft, 28% were in Project Management, followed by Consulting (12%) and Software Development (10.7%).
The average time between credentials being found and the reported ransomware attack was 2.5 weeks
With AI-grade hardware, password cracking speeds have surged by over 1.8 billion percent compared to consumer-grade machines. This acceleration using AI-grade hardware has collapsed cracking timelines from billions of years to just a few hours.
Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.
Compared to 2024, the time it takes to crack passwords using consumer-grade GPUs has dropped by nearly 20%.
An eight-character password made up of only lowercase letters can now be cracked in just 3 weeks using consumer-grade GPUs.
Compared to 2024, the time it takes to crack passwords using consumer-grade GPUs has dropped by nearly 20%.
1.7 billion stolen credential records were shared in underground forums.
Initial access brokers on cybercriminal forums are increasingly offering: corporate credentials (20%), RDP access (19%), admin panels (13%), web shells (12%).
Stolen credentials are the second highest initial infection vector, making up 16% of investigations. This rise means stolen credentials were the second most common initial infection vector for the first time in 2024.
72% of both Gen Z and Millennial respondents estimate they have fewer than 25 unique passwords.
One in four (25%) Gen Z respondents share passwords by including them in the body of a text.