As a credential management company, we’re clearly passionate about password health. In 2022, we decided to share the love—and the data—by putting out our first annual global password health report.
For this year’s report, we collected hundreds of billions of anonymized data points and specifically analyzed enterprise password hygiene. We found that while enterprise users have stronger password health than consumers, a pervasive number of credentials aren’t protected by single sign-on (SSO).
We also examined which industries have the best and worst password health. Since we published our first report, Dashlane users worldwide have seen their Password Health scores trend upward each year, underscoring that knowledge equals power when it comes to security. Progress in security often happens gradually, and with passkeys and other passwordless technology still in the early stages of adoption, compromised and unsecure credentials remain a risk that organizations will have to continue to manage for years to come.
Password health improves globally
Looking across regions, the average Password Health score in 2024 was between 72.6 (Northern America) and 79.8 (Eastern Europe). While each region fell within the “Needs Improvement” range (a score between 60–90), all regions improved their scores between 2–4% in the past year.
This improvement is due to the continued decrease in reused and compromised passwords globally. These steady increases in password hygiene can significantly reduce risk for users and their employers, especially from opportunistic, wide-net phishing attacks that take advantage of weak, reused, or compromised credentials.
Organizations in every region need to stay updated on how cybersecurity is evolving. Check out our expert-led “Top Trends and Tools of 2025 for Proactive Credential Security” webinar to get the insights you need.
Industries with the highest security scores in 2024
- Software & Tech
- Information, Media, & Telecommunications
- Education
- Transportation & Storage
- Accommodation & Food Services
It comes as no surprise that industries that are famously “online” and SaaS-fluent—and likely much savvier and well-informed about cybersecurity risks—are paying more attention to their security scores. These characteristics are especially true for industries such as Software & Tech; Information, Media & Telecommunications; and Education.
What stands out about Education is how far it has come in regard to digital security. Securing faculty and students’ data while also educating students on cyber best practices is no easy task, especially considering that the Education industry is one of the most targeted for ransomware. If a school district or student were to get breached, a cybercriminal could exploit extensive amounts of sensitive data about minors.
Transportation & Storage and Accommodation & Food Services often have a different cyber perspective due to heavy reliance on supply chain operations. A cyberattack could physically halt production and operations in these industries.
Industries with the lowest security scores in 2024
- Legal
- Manufacturing
- Construction
- Healthcare
- Energy & Utilities
Many law firms handle highly sensitive data on a daily basis. However, it’s not an industry traditionally known for its technological sophistication or ability to adapt quickly to the rapidly changing online landscape.
What Manufacturing, Construction, and Energy & Utilities all have in common is that their work takes place in physical locations offline. With employees in these industries traveling away from a home office base and corporate policies requiring password changes every 90 days, despite NIST guidance to the contrary, reused passwords and shared logins are common.
With Healthcare being one of the most highly targeted industries for cyberattacks as well as one of the most highly regulated industries under HIPAA, healthcare workers are subject to much more stringent security policies than most. However, sometimes, this has the opposite effect: Employees may assume these regulatory and security requirements are enough to keep them safe, so they might not rely on third parties for security protection. If they don’t use security tools like password managers, they could be missing a critical step in protecting highly sensitive patient and staff data.
Improvement is needed across all industries
Since the average score across all industries falls in the “Needs Improvement” range, it’s clear there’s a need for better password hygiene. The advent of passkeys brings hope of more secure login methods in the future, but for now, passwords are still the norm. Solutions like Dashlane help businesses understand and improve password health and security, and with the positive trends we’ve seen in this year’s report, we’re confident that credential security is becoming a higher priority for people and businesses alike.
Want a quick and easy checklist to help your employees improve their password health? Download the full report.
Sign up to receive news and updates about Dashlane
