Based on Cloudflare's observed traffic between September - November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.

76% of leaked password login attempts for websites built on WordPress are successful.

Approximately 41% of successful human authentication attempts involve leaked credentials.

The most commonly used keyboard walk pattern was “Qwerty,” which appeared over 1 million times in a list of compromised passwords.

88% of organisations still use passwords as their primary method of authentication.

31.1 million breached passwords were over 16 characters in length.

Simple passwords like Pass@123 and P@ssw0rd, which meet basic Active Directory requirements, are frequently used, increasing the risk of password reuse.

Organisations using SaaS apps have an average of 47,750 passwords to manage.

Over 31 million of the breached passwords were over 16 characters in length.

The most common base terms used in breached passwords were “password”, “admin”, and “welcome”.

53% of people admit to using the same password across multiple accounts.

The most common length for compromised passwords was 8 characters (212.5 million total).

123456 was the most common compromised password found in a new list of breached cloud application credentials.

12% of respondents' organisations experienced a material privacy breach in the past 12 months.

After analysing 1.8 million breached administrator credentials, 40,000 admin portal accounts were found to be using ‘admin’ as a password.

Requiring an Active Directory password length of at least 13 characters would significantly reduce the risk of cloud application password reuse.