Quiz: How strong is your password security?

Privacy news
6 mins
  • 15% of U.S. participants use weak passwords that include things like their pet’s name. Many also use personal identifiers, despite thinking they have good cybersecurity knowledge.
  • Our survey reveals that some of the common password mistakes from respondents include repeating passwords across accounts and using passwords that are easy to guess. Only 20% say they make an effort to create “really complicated” passwords.
  • Approximately 35% of those surveyed revealed that they store passwords by writing them down on a piece of paper. 
  • While password managers are used by 21% of respondents, only 19% adopt two-factor authentication to log in securely into their accounts.
  • Despite 45% claiming high cybersecurity knowledge, U.S. respondents performed poorly on a quiz about password-related threats.
  • A surprising 2.6% of participants thought cybercrime isn’t real and is fabricated to scare people.
  • Bonus: Follow our easy guide at the end of the article to create strong passwords for all your accounts now.

Do you use your pet’s name in your passwords? You wouldn’t be alone—15% of U.S. respondents to our survey about password use admit to doing this. But that doesn’t mean it’s a good idea. Neither is using a part of your own name, birth year, address, or phone number. All these are among the most common risks people take when setting passwords.

Our survey asked not only about behaviors surrounding passwords but also tested respondents’ knowledge on the matter. 

The findings in a nutshell: While almost half of those surveyed think they have better-than-average knowledge about cybersecurity, the vast majority of people practice less-than-ideal password security, with most answering questions about cyberattacks incorrectly. 

The quiz above includes some of the questions in our survey, so you can test your own knowledge!

Kids’ names, pets’ names, and other weak passwords

When creating passwords, best practices include using random, complex, long strings of characters—not your name or words relating to your identity. It’s also important to not repeat passwords across different accounts or to use passwords that are only slightly different and based on a pattern. These mistakes would make it easier for someone to guess your password on different accounts if they managed to find out one of your passwords.

Our survey asked people how they came up with their passwords, and the most-selected answer (20%) was the good practice of trying to make a password “really complicated.” Not far behind, though, were answers in which people admitted to using the same password for more than one account (17%) and using a pet’s name (15%).


We conducted the same survey in the UK, France, and Germany, and overall, fewer people in all three European countries said they used the above personal identifiers in their passwords. 

When it came to knowledge about creating passwords, most respondents indicated that we should use a variety of characters, but very few (12%) said it’s a good idea to randomly generate one. Using an online random password generator is a very effective way to set a password that’s long and means nothing to you or anyone else. The main issue is no one can remember a long and random password, which is where password managers come in.

Our survey also asked how frequently people changed their passwords. The most popular answer (20%) was to change a password only if it’s been forgotten—but a good portion (17%) said they change their passwords every three months. Shorter and longer periods between password changes were less common.

There is conflicting information on what frequency is optimal for changing a password. While the advice used to be to do so frequently, some experts now say if your password is strong and unique, there is actually no reason to change your password.

Paper notes are the top password-storage method

As for keeping track of passwords, writing them down on paper is the most-used method—35% of respondents said they did this. This is not a secure method, as someone could find your notes and steal your password; however, it’s probably safer than storing them in a file on your phone or in your email, which a smaller number of respondents admitted to.

It was a good sign, though, that password managers were used by many (21% of respondents saying they use one). Experts consider password managers the most secure way to store passwords. Users only have to remember a single primary password, which gives them access to all their other passwords. Users can set long, random passwords—the strongest kind—because they don’t have to remember them.

A small percentage of respondents, approximately 9%, also revealed that they store their passwords on a browser like Google Chrome. While this method of storing passwords isn’t recommended by experts, using a VPN for Chrome or any other browser, could help secure your connection while browsing.

However, even though two-factor authentication is easy to implement, only 19% said they have adopted it. Using two-factor authentication, in which a one-time second password is sent to the user, drastically lowers the chance of an account getting hacked.


How cyber smart are you?

Our survey revealed that 45% of people in the U.S. think they have very good or better-than-average cybersecurity knowledge, with 31% considering their own knowledge to be not very good. The rest rated themselves as average.

There was a notable difference in these self-ratings in European countries. While the UK had the same 45% rate themselves as being savvier than average, in France it was 52%, with 37% in Germany. As for admitting to poor knowledge on the topic, only 12% in the UK, 13% in France, and 17% in Germany did so.


While U.S. respondents sound fairly confident, they did not fare well in our quiz, in which we asked about password-related threats: phishing, credential stuffing, social engineering, and brute-force attacks. 

Of these topics, phishing was the best understood, with 56% correctly identifying it as “when someone emails you pretending to be someone else so they can steal your information.” A confounding 5% said it involves catching actual fish. However, the understanding of phishing is even lower in Germany and France, with just 49% and 36%, respectively, choosing the right answer.

Half of U.S. respondents knew what credential stuffing was, while 40% got brute-force attacks right. And only 34% chose the right answer that described social engineering.


Perhaps awareness of the risks of cyberattacks is the first step in staying safe. Which is why it’s alarming that most respondents were wrong about their own vulnerability. 

When it came to the risks of falling victim to cybercrime, more than half surveyed marked incorrect statements as true, including “I’m not interesting enough to be a victim of cybercrime” and “It’s impossible to be hacked on an Apple device.”

Most oddly, 2.6% of respondents said cybercrime isn’t real and only made up to scare people.

3 tips to creating a strong password

Use this easy to follow guide to create a strong password for all your accounts:

1. Make it random

Random passwords, composed of a mix of letters, phrases, numbers, and special characters, significantly enhance the strength of your defenses against cyber threats. So, instead of relying solely on a single word or phrase, string together a series of random words, numbers, and special letters to create a stronger password. You can also consider incorporating uncommon abbreviations or intentionally misspelled words to further enhance the randomness of your password.

2. Use a password manager

Password managers are an easy way to generate highly secure and random credentials for any account. ExpressVPN’s Keys, for example, is a built-in password manager that comes with any ExpressVPN subscription. Keys enables you to securely handle an unlimited number of passwords, credit card details, and notes across any device. It also provides alerts for potential data breaches and identifies vulnerable passwords, enhancing overall security.

3. Avoid using obvious and weak passwords

When creating a password, avoid using obvious and easy-to-guess information or phrases. For example, avoid incorporating information like your birthday, pet’s names, or children’s names. By steering clear of easily identifiable patterns or information associated with your identity, you significantly strengthen your password’s resilience against potential malicious attempts to guess or crack it.

FAQ: About password security

What is password management?
Why is it important to have strong passwords?
What is a password manager, and how does it work?
How do password managers enhance security?
Are password managers safe to use?
Can I use password managers on multiple devices?
Phone protected by ExpressVPN.
Privacy should be a choice. Choose ExpressVPN.

30-day money-back guarantee

Various devices protected.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
ExpressVPN is dedicated to your online security and privacy. Posts from this account will focus on company news or significant privacy and security stories.