Gen Z might think they're cyber secure – but Baby Boomers have better passwords

After receiving cybersecurity education, just 31% of users stopped reusing passwords, report shows.

After receiving cybersecurity education, just 31% of users stopped reusing passwords, report shows. Image: Towfiqu barbhuiya on Unsplash

Emma Charlton
Senior Writer, Forum Agenda
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: Centre for Cybersecurity

Listen to the article

  • Awareness of cybersecurity issues and password security doesn’t always translate to action.
  • After receiving cybersecurity education, just 31% of users stopped reusing passwords, report shows.
  • Gen Z is the most assured generation when it comes to password management, but they are also the biggest offenders.
  • Everyone needs to bolster their cybersecurity by taking action to increase password protection.

123456. Qwerty. Password.

Sound familiar? These are among the top 5 most used passwords, according to a Cybernews analysis of more than 15 billion logins.

Having an easy to guess code matters because incidents of cybercrime, hacking and data theft are on the up, and also because so much of our daily life is now conducted online.

Complex passwords

Banking, taxes, health, shopping, gaming, social media: we share our data and personal information with a great range of organizations, often using a password as a gateway and a bridge of trust between us and them.

But how closely do we scrutinize our security and how much thought do we give to protecting ourselves online?

Statistic showing password and cybersecurity risks
Reusing passwords brings risks. Image: LastPass

Reusing codes

“After receiving cybersecurity education, only 31% of users stopped reusing passwords, while only 25% started using a password manager,” the report says.

Statistic showing the percentage of informal or formal cybersecurity education learned
Room for improvement in cybersecurity education. Image: LastPass Report

And a feeling of security was often deemed to be enough, with 89% of respondents acknowledging the risk of using the same password or a slight variation. Just 12% said they use a different password for each different account.

The same password, or a variation, was used “mostly” or “always” by 62% of those surveyed.


How is the Forum tackling global cybersecurity challenges?

There was some variation in attitudes and behaviour among age groups, however all showed scope to improve their approach, the research showed.

Sense of security

Gen Z – people born between 1997 and 2010 – had a strong sense that their password management is “very safe” and were more likely than other age groups to recognize the risk of using the same password across multiple sites.

Even so, they were also the generation most likely to memorize their passwords – perhaps a sign that the combinations or complexity used in the password could be improved.


The opposite was true for “Baby Boomers” – those born between 1946 and 1964. They may have displayed less confidence in their own password methodology, but actually came out in the survey as the “most likely to create unique passwords” as well as the least likely to repeat a password or use a variation.

Statistic showing the generations most likely to memorize password.
Generations most likely to memorize passwords Image: LastPass

Attitudes differed depending on the type of site that data was being shared with.

Financial websites like banking and email accounts were seen as the top sites to create strong and complicated passwords for, while just 8% of respondents would create a hard-to-crack code for a travel or airline account.

Different online accounts that people would create a more complex password for
Variety in password attitudes. Image: LastPass

Building cyber resilience, globally, is a core plank of the World Economic Forum and takes place via the Centre for Cybersecurity. The most recent Global Cyber Security Outlook report showed that while business leaders are taking the issue more seriously and meeting more frequently about it, “more needs to be done to promote understanding between business and security teams to support effective action by organizational leaders”.

People who received a cybersecurity education
Gap between training, awareness and action after receiving cybersecurity education. Image: LastPass

The LastPass report also alighted upon a lack of action, even when the consequences are well understood. The authors of that report attributed the need for improved cybersecurity methodology to a lack of awareness of how grave the consequences can be, as well as a lack of proactive interest in cybersecurity training.

“Online users still need to level up cybersecurity by taking action versus a passive stance to protect their digital lives,” the report said. “No generation is immune to password mishaps, confidence is creating a false sense of security and awareness doesn’t translate to action.”

Next time you reach for 1234 or that hackneyed old password, you might want to think again.

Have you read?
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

FBI takes down army of ‘zombie’ computers. Here what to know

David Elliott

June 19, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum