{"id":3359,"date":"2026-02-06T14:30:46","date_gmt":"2026-02-06T22:30:46","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=3359"},"modified":"2026-02-06T14:30:46","modified_gmt":"2026-02-06T22:30:46","slug":"how-to-fix-the-gen-z-password-problem","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/how-to-fix-the-gen-z-password-problem\/","title":{"rendered":"How to fix the Gen Z password&nbsp;problem"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_Blog_Gen-Z-pass.png\" alt=\"\" class=\"wp-image-3143\"\/><\/figure>\n\n\n\n<p>Gen Z is undoubtedly the most online generation yet, with the digital landscape having been a central part of their world from a young age. Despite this, recent studies (including this one from <a href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\">NordPass<\/a>) show that their password practices are less than ideal.&nbsp;<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>It\u2019s quite a concerning finding. With data breaches on the rise, a weak password is something you can\u2019t afford to mess with. They remain one of the most common reasons accounts get hacked today. And the risks go far beyond losing access to a social media profile.<\/p>\n\n\n\n<p>Read on to find out why weak passwords are still so common, what real risks they create, and what you can do to lock down your accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What the research shows about Gen Z and passwords<\/h2>\n\n\n\n<p>Key findings about Gen Z passwords, according to the NordPass study, are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Passwords are often short and easy to remember<\/li>\n\n\n\n<li>The top 3 passwords are 12345, 123456, and 12345678<\/li>\n\n\n\n<li>They often reuse the same passwords across multiple accounts<\/li>\n<\/ul>\n\n\n\n<p>What makes this so surprising is that Gen Z are often considered \u201cdigital natives\u201d because they basically grew up online. This can give the impression that they\u2019re experts when it comes to all things Internet. But that\u2019s not the case. They\u2019re just as bad at password hygiene as the generations before them, particularly their grandparents.&nbsp;<\/p>\n\n\n\n<p>Looking at the data between generations, each one follows poor password practices. While Gen Z\u2019s top password, 12345, is the same for The Silent Generation, millennials, Gen X, and Baby Boomers aren\u2019t much better, favoring 123456. So, poor password choices can\u2019t be blamed on Gen Z alone. These bad practices transcend the generational divide.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why people continue to choose bad passwords<\/h2>\n\n\n\n<p>With everything we know about the importance of online security and the rise in hack-happy bad actors, why are the majority of people still choosing such risky passwords? It\u2019s hard to pinpoint precise reasons, but password fatigue is likely the biggest culprit. With so many different apps and devices, creating and remembering that many unique passwords feels like a hassle. This fatigue leads to <a href=\"https:\/\/finance.yahoo.com\/news\/gen-z-password-fatigue-finds-140000683\/\">behavior such as<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Having fewer than 25 unique passwords<\/li>\n\n\n\n<li>Changing only a single character when prompted to update a password<\/li>\n\n\n\n<li>Choosing to abandon an existing account entirely and create a new one instead of resetting a password<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why weak passwords are dangerous as ever<\/h2>\n\n\n\n<p>Fatigue or not, using a weak or reused password is still risky behavior. It can lead to consequences like:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attackers engaging in credential stuffing, using leaked passwords from one site to access others<br><\/li>\n\n\n\n<li>Account takeovers,<strong> <\/strong>where bad actors gain unauthorized access to a user\u2019s online accounts.<br><\/li>\n\n\n\n<li>Identity theft, which involves accounts being used for scams or impersonations<br><\/li>\n\n\n\n<li>Payment services and subscriptions are common targets, resulting in financial loss<\/li>\n<\/ul>\n\n\n\n<p>The negative implications of weak passwords are unmistakable. So what are the best practices for choosing a strong one?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What defines a strong password today?<\/h2>\n\n\n\n<p>A strong password is not just a longer password. It should also be:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unique for every account<\/li>\n\n\n\n<li>At least 12-16 characters long<\/li>\n\n\n\n<li>Made up of a mix of upper and lowercase letters, numbers, and characters<\/li>\n\n\n\n<li>Random, not based on your personal information<\/li>\n\n\n\n<li>Hard to guess, even if someone knows you<br><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Weak: <em>Alex1998<\/em><br><\/li>\n\n\n\n<li>Strong: <em>tide-planet-copper-river!<\/em><br><\/li>\n<\/ul>\n\n\n\n<p>Instead of complex passwords you won\u2019t remember, a good trick is using a passphrase instead. This involves combining 3-4 random words. It creates a password that\u2019s difficult for hackers to crack but easier for you to remember.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why password managers can help<\/h2>\n\n\n\n<p>Password fatigue is incredibly understandable in a world where we need so many online accounts to get by. To have unique, strong passwords for every account and to remember them all simply isn\u2019t possible. That\u2019s why password managers are essential. They solve the biggest problem with strong passwords: memory.<\/p>\n\n\n\n<p>They allow you to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Generate strong, random passwords automatically<br><\/li>\n\n\n\n<li>Store unique passwords for every account<br><\/li>\n\n\n\n<li>Sync securely across devices<br><\/li>\n<\/ul>\n\n\n\n<p>With a password manager, you only need to remember one strong master password instead of scores more.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Add multi-factor authentication (MFA)<\/h2>\n\n\n\n<p>Even a strong password can be stolen through phishing. That\u2019s why MFA is critical. It adds another layer of security to your online account so that even if your password is cracked or stolen, your online account will be safe. MFA often uses authenticator apps or one-time codes.<br><\/p>\n\n\n\n<p>What about Passkeys?<\/p>\n\n\n\n<p>Passkeys are a relatively new method of passwordless logins that use cryptographic keys stored on your device. Instead of a password, it asks for a user\u2019s biometrics, such as fingerprint or face scan, or screen lock password or pin code to prove identity.&nbsp;<\/p>\n\n\n\n<p>They are a powerful login tool since they are phishing-resistant and don\u2019t require you to remember so many passwords. The only downside is they\u2019re not yet supported everywhere, so strong passwords and MFA are still needed on many sites and apps.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Websites should also do their part<\/h2>\n\n\n\n<p>People\u2019s poor password practices have long been an issue. Yet, many websites don\u2019t provide strong password guidance for those making accounts. Or, if they flag a weak password, they may allow users to save it anyway. Being forbidden from using the most popular, weak passwords may also be a helpful idea to implement to ensure better account security across the board.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A 10-minute account security checklist<\/h2>\n\n\n\n<p>Do the following to significantly improve your security in just a few minutes:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sign up for and install a password manager<\/li>\n\n\n\n<li>Get it to generate strong passwords for important accounts like email, banking, and cloud accounts<\/li>\n\n\n\n<li>Enable MFA wherever possible<\/li>\n\n\n\n<li>Change other passwords you know to be weak<\/li>\n\n\n\n<li>Check if your email <a href=\"https:\/\/haveibeenpwned.com\/\">appears in known data breaches<\/a> and update those passwords accordingly<\/li>\n<\/ol>\n\n\n\n<p>Following these steps will put you in a good position for safeguarding your online accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently asked questions about passwords<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Why do weak passwords still work?<\/h3>\n\n\n\n<p>They don\u2019t. You may be able to sign up for an account with a weak password, but it\u2019s practically like having no password at all. If a threat actor targets you, your online accounts will be at risk for all sorts of attacks.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Is password reuse really that dangerous?<\/h3>\n\n\n\n<p>Yes. If one account is hacked or a password is leaked, threat actors will then be able to unlock multiple accounts effortlessly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Are password managers safe?<\/h3>\n\n\n\n<p>Yes. Compared to reusing the same weak password over and over again, reputable password managers that use strong encryption are far more likely to safeguard your online accounts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How often should I change passwords?<\/h3>\n\n\n\n<p>If you use strong passwords, not too often. The latest <a href=\"https:\/\/www.oneadvanced.com\/resources\/whats-new---nist-password-guidelines-september-2024\/\">guidelines from NIST<\/a> suggest passwords should only be changed if an account is at risk or has been compromised.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Are passkeys replacing passwords?<\/h3>\n\n\n\n<p>Passkey adoption is steadily growing, but passwords are still widely used.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The takeaway<\/h2>\n\n\n\n<p>While Gen Z certainly has poor password habits, they\u2019re not so different from every other generation. Better habits are needed across the board to keep online accounts safe. Fortunately, password hygiene isn\u2019t as complex as it may seem. Using strong, unique passwords alongside MFA dramatically reduces the risk of password compromise. And by adding a good password manager to the mix, you\u2019ll hardly need to think about passwords again.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gen Z is undoubtedly the most online generation yet, with the digital landscape having been a central part of their world from a young age. Despite this, recent studies (including this one from NordPass) show that their password practices are less than ideal.&nbsp;<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3359","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=3359"}],"version-history":[{"count":2,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3359\/revisions"}],"predecessor-version":[{"id":3417,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3359\/revisions\/3417"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=3359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=3359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=3359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}