May 1 is International Workers’ Day, also known as May Day. This year, it is also World Password Day, which occurs on the first Thursday in May to bring attention to password security.
For 2025, it would seem that the majority of Americans have some lax password practices. According to research from NordPass, 62% of Americans reuse passwords across online accounts, which could create “a domino effect of vulnerability, where a single compromised password can unlike an entire digital life.”
The research also found that the average Americans who reuse passwords may do so with five accounts, while one-fifth of respondents to a study admitted to reusing the very same password on 10 or more accounts. As worrisome was the fact that one-third of Americans only had one or two regular “go-to” passwords.
“People reuse passwords because it’s easier that way, we all know that. But it is worrying that, despite repeated warnings, about 10% of respondents still don’t think there’s a significant risk in reusing passwords. This mindset is a disaster waiting to happen. Threat actors could gain access to all your accounts, your identity could be stolen and your credit card – maxed out, or a loan could be taken out in your name,” warned Karolis Arbaciauskas, head of business product at NordPass.
Even when passwords are updated, which most cybersecurity experts said doesn’t happen often enough, the common change is adding a number, symbol, or letter. It also isn’t a issue related to just one generation, the NordPass research found. Those of Gen Z were more likely to reuse passwords, while Baby Boomers had more accounts with reused passwords.
AI is a New Password-Breaking Threat!
Coupled with the dangers of used passwords is the fact that developments in artificial intelligence (AI) may make it easier for bad actors to crack even seemingly complex passwords.
According to cybersecurity provider Hive Systems’ 2025 Password Table, the time to crack passwords using consumer-grade GPUs dropped by 20% over just the past year. It warned that an eight character password made up of only lowercase letters can be cracked in as few as three weeks.
At the same time, AI-grade hardware has surged by 1.8 billion percent, reducing the cracking time of the most complex passwords from billions of years to just a few hours!
“We are witnessing an astronomical acceleration in computing power,” said Alex Nette, CEO of Hive Systems. “Even outside of quantum computing, today’s AI-grade hardware is already reshaping cybersecurity risks. Passwords that were safe last year could now be cracked in a fraction of the time, and quantum computing will only push this even further.”
Experts Offer Some Advice
Given that major breaches have made the news, and that large companies are routinely breached should be enough to convince users to engage in better password practices, but that doesn’t seem to be the case.
Darren James, senior product manager at Specops Software told ClearanceJobs via an email that recent research found that many compromised passwords still relied on common base terms such as admin, qwerty, welcome, or password.
“We also know that password reuse is extremely common. Users using work passwords on their own devices, apps, and websites with weak security, which are more vulnerable to malware, are still a constant threat to many organizations,” warned James. “Although an organization’s password policy may be strong and in line with compliance regulations, it cannot prevent passwords from being stolen by malware.”
Moreover, it isn’t just simple passwords that are being cracked, possibly with the help of AI, but also simply due to lax practices, including being the victim of a phishing attack.
“We see many stolen passwords exceeding the length and complexity requirements in common cybersecurity regulations,” added James. “That’s why global awareness campaigns, such as World Password Day, are needed to educate on best password practices and for organizations to rethink how to secure their digital environments.”
Of course, the reason passwords are often recycled and not all that complex in nature is that it is almost impossible for users to remember them. There are solutions.
“Use a password manager to create and use strong passwords whenever possible. Password managers make it easier to use good passwords that are different for every site and service,” explained Roger A. Grimes, data-driven defense evangelist at KnowBe4.
“Whenever possible, use phishing-resistant MFA (multifactor authentication) instead of passwords to protect valuable data and systems,” Grimes told ClearanceJobs. If you must make up a password from your head, it should be 20 characters or longer to repel all known types of password attacks.”
Grimes added that the biggest threat is that passwords aren’t always cracked, but rather that individuals are tricked into revealing them to hackers using social engineering, usually through email with URL links pointing to fake look-alike websites that look similar to the real websites.
“Most password managers will not fall for fake look-alike websites,” Grimes continued.
“Change all your passwords at least once a year, to prevent a stolen password from being good forever, just waiting for a hacker to use,” said Grimes. “Once a year, set aside a day to update all your passwords.”
Today seems like a good time to start!
