A new study by NordPass reveals that most users store their passwords in their web browser, prioritizing ease of use over digital safety. Because browser-based credentials are often tethered to a user’s primary account, a single breach can leave an entire digital life exposed.
To understand password storage habits, researchers surveyed consumers in eight countries: the US, Canada, the UK, Australia, France, Germany, Italy, and Spain. The study found that browser-based saving is the default choice for the vast majority (around 40-50%) of respondents, effectively creating a single point of failure. When this habit is paired with password reuse, it creates a digital house of cards that collapses if just one account is breached.
“Convenience and ease of use dominate as the top two drivers, confirming that browser password saving is overwhelmingly a comfort-driven behavior — with cost and passive auto-save prompts playing a secondary but consistent role,” says Karolis Arbaciauskas, head of product at NordPass and its parent organisation, Nord Security.
Canadians lean on a deceptively risky habit
According to the survey, Canadians are the second most likely to combine browser-based and third-party password managers. As many as 16% of Canadian respondents use this hybrid approach — behind only the US (18%). Meanwhile, 37% save their passwords exclusively in their browser, and only 13% rely on a dedicated password manager alone.
In fact, more Canadians use a combined approach than a dedicated manager on its own — a pattern shared with the US, Australia, and the UK, but reversed across most EU countries.
“Combining a browser-based password manager with a third-party tool is incorrectly assumed to be a safe way to maintain a backup. However, if the passwords stored in the browser are compromised, the backup does little to protect them. Password reuse only sharpens this problem,” says Arbaciauskas.
Distinct habits around the world
Canadians are far from alone in their reliance on browsers to save their passwords, but habits vary widely across the eight countries surveyed. Spanish users are the most security conscious. Nearly one in five (19%) respondents from Spain stated that they use a dedicated password manager. In contrast, only 8% of Italians use such a tool.
German users are the most tool-averse in general, with the highest share (22%) relying purely on memory. France stands out for its love of the analogue. As many as 13% of French respondents still write their passwords down on paper.

According to Arbaciauskas, the habit of memorizing passwords — prevalent in Germany, Australia, Canada, and the UK — often leads to the reuse of identical or very similar credentials (such as swapping only a single letter or number). These memory-friendly passwords are far easier to breach, potentially triggering a chain reaction where a single leak compromises most, if not all, of a user’s accounts.
Convenience comes at the cost of risk
Convenience comes at a steep price. Browser-based managers are usually tethered to the user’s primary account (e.g., Google, Microsoft, etc.). If a hacker compromises that single account, they don’t just get your emails — they get the jackpot of every credential stored in that browser.
“Browser-based password managers are certainly a better choice than simply reusing or slightly altering the same password everywhere. However, dedicated password managers offer distinct advantages, such as encryption based on zero-knowledge architecture. This means all data is encrypted on your device before it ever leaves your computer or smartphone, ensuring that not even the developers can access your passwords — let alone anyone else,” says Arbaciauskas.
Unlike browser-based password managers, dedicated tools are not tied to any ecosystem and work seamlessly across all major browsers and operating systems, making password syncing across devices simple. This is particularly important if you use multiple browsers or devices. It also saves time and effort when you decide to or need to switch to another operating system.
Furthermore, dedicated password managers offer additional security features — such as a data breach scanner, password health checker, email masking, and secure document storage — that are often missing from browser-based managers.
Methodology
The quantitative research on password storage habits was conducted by Nord Security on March 26–April 4, 2026, and included 1009 Canadian residents aged 18–74, as part of a wider eight-country study of 7,861 respondents from Australia, Canada, France, Germany, Italy, Spain, the UK, and the US.
Guest Post – Child’s play: Many adults guard their online lives with passwords they created as kids, study finds
Posted in Commentary with tags Nordpass on July 7, 2026 by itnerdA new study by NordPass reveals that many people are still clinging to passwords they created years ago, with some carrying childhood-era credentials well into their adult lives.
The research, conducted across eight countries (the US, Canada, the UK, Australia, France, Germany, Italy, and Spain), found that just over half (54%) of respondents have updated their longest-standing password within the past year. While around 15% have made a change in the last three years, and 8% did it three to five years ago, a stagnant minority remains: 4% are still using passwords created five to ten years ago, and up to 3% are using legacy credentials that are over a decade old. Most concerningly, around 6% of respondents globally admit they have never changed their oldest password at all.
“It’s a bit ironic: We’ve upgraded our phones and our lives, yet for many, a 15-year-old pet’s name or that ‘Summer2010’ password is still doing the heavy lifting for main email accounts or even retirement funds,” says Karolis Arbaciauskas, head of product at cybersecurity company NordPass and its parent organization Nord Security.
Old passwords rarely age well
In the study, Italy stands out as the country with the highest share of recent password changes (65%) and the lowest number of passwords that have not been changed in over a decade (1%) or at all (4%). Germany sits at the opposite end, with the lowest recent-change rate (47%) and one of the highest proportions of respondents clinging to legacy credentials. At least 3% of Germans are still using passwords older than a decade, while 6% have never updated their oldest password at all.
The US led on a different but equally worrying measure: 14% of respondents said they could not remember the last time they changed their oldest password, the highest rate among all countries surveyed. In most other countries, that figure hovered around 11%.
“I’m fairly certain most internet users know they should immediately change a password that has been compromised. So when people say they haven’t changed a password in years, either the password hasn’t been exposed, or they simply don’t know it has. I hate to be a bearer of bad news, but the second scenario is far more likely. Without tools to notify them when credentials appear in leaks or breaches, many users have passwords aging in the background while the risk grows,” says Arbaciauskas.
A habit that starts young — and sticks
Interestingly, the age-based demographic analysis subverts the usual stereotypes about “digital natives.” Although Gen Z is often presumed to have a good understanding of digital tools — and, by extension, cybersecurity — respondents aged 18-24 are the least likely to have changed their longest-standing password within the past year and the most likely to say they had never changed it at all.
In fact, the password change recency trend goes up with age, peaking with the 55-to-64 age group. Older users, especially Baby Boomers, appear more security-conscious in their maintenance behavior — they update passwords more actively, but are more likely to rely on memory or write passwords down. In other words, they put in the effort without following best practices.
“This study complements our annual Top 200 Passwords research, which found that Gen Z tends to choose simple passwords — often consisting of basic number sequences or internet trends,” says Arbaciauskas. “The high rates of Gen Z-ers saving passwords in browsers, combined with the fact they have the highest ‘never changed’ proportion, reveal that it’s a generation that is comfortable with digital tools but disengaged from basic credential hygiene.”
According to Arbaciauskas, the combination of vulnerable passwords and inconsistent storage habits creates a high-risk target for cybercriminals. Password managers can help bridge these security gaps by offering monitoring tools and real-time alerts whenever credentials appear in a breach.
Methodology
The quantitative research on password habits was conducted by Nord Security between March 26 and April 6, 2026, among 7,861 respondents aged 18-74 in Australia, Canada, France, Germany, Italy, Spain, the UK, and the US.
ABOUT NORDPASS
NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to access passwords securely on desktops, mobile devices, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app. For more information: nordpass.com.
Leave a comment »