Menu Search

Company Announcements

Yubico AB

Password Party’s Over: Nearly 50% of Americans Continue to Re-use Passwords Despite Phishing Attacks on the Rise

New Survey From Yubico Reveals Which U.S. Cities Are the Savviest (and Laziest) When It Comes to Cybersecurity

STOCKHOLM & SANTA CLARA, Calif.--(BUSINESS WIRE)--Aug. 19, 2025-- A new survey from Yubico (NASDAQ STOCKHOLM: YUBICO), a modern cybersecurity company on a mission to make the internet safer for everyone, today reveals a tale of two cities – or, more accurately, ten. While New Yorkers rush to catch a train and Californians are stuck in traffic, nearly half of Americans (48%) are still stuck using the same password for multiple online accounts. Even worse? When asked what they think is the most secure method, only 3% believed in using a hardware security key which is considered to be the most effective tool available to stop phishing.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250819753466/en/

Conducted by Talker Research, the survey of online habits across the top 10 U.S. metro markets reveals a nation that thinks it's security-savvy but is still making rookie mistakes. From password reuse to overconfidence in spotting AI-enhanced phishing scams, here’s a look at which cities are winning the security game – and which ones need to step it up.

“Yubico’s survey reveals a wake-up call: many people have a false sense of security when it comes to their online accounts being protected,” said Ronnie Manning, Yubico’s chief brand advocate. “They are overconfident in their safety, yet they still hold on to risky habits that can be tempting for today’s modern hackers. The YubiKey isn't just a product; it's a statement that proves your security is non-negotiable. It gives you the power to secure your entire digital life with one simple, human touch.”

The City Showdown: Who Needs a Digital Pep Talk?

  • New York vs. Los Angeles: Over 48% of all respondents admitting to reusing passwords, we can only imagine the number of New Yorkers who are using the same password for their finance app as they are for their favorite bodega rewards program. And in LA, where the traffic is a constant grind, maybe it's not a surprise that password updates are a rarity, with 19% only changing them when they are prompted or have experienced a security incident.
  • Seattle vs. Denver vs. San Francisco Bay Area: Tech-giant cities Seattle and San Francisco agree: MFA is used by 70% of Seattleites and 67% of San Franciscans. In fact, San Franciscans take it a step further with 64% setting up passkeys whenever available. Meanwhile, their competitor for top U.S. tech hub, Denver, lags behind – being one of the most likely to use the same password for multiple accounts (50%) and to admit to not using any specific security methods beyond basic passwords (11%).
  • Chicago vs. Atlanta: While a significant portion of consumers believe that strong, unique passwords are the most secure method (22%), they're missing the bigger picture. Atlanta, meanwhile, is on the rise, with 62% of consumers actively turning on MFA when available. Looks like southern hospitality includes protecting your friends from getting hacked.
  • Dallas-Fort Worth vs. Houston: Does anyone in the Lone Star State still use their pet's name for a password? A surprising 13% of all respondents admitted to doing so. Let’s make security as big as everything else in Texas!
  • Washington, D.C. vs. New York City: The survey shows that 42% of people in Washington, D.C., are worried about their financial institutions being hacked. The cities are neck and neck when it comes to adopting passkeys, with 61% of New Yorkers and 62% of D.C. area residents setting up the technology to protect their online accounts.

The survey also found that despite a majority (62%) feeling confident they can spot a phishing attack, 39% reported experiencing a cybersecurity incident in the last year.

With over 64% of people turning on MFA, the momentum is there, but most are still using less secure methods like text message codes. The fact remains that the only 2FA method to defend against phishing attacks 100% of the time is a hardware security key.

For more survey insights, see here.

About Yubico

Yubico (Nasdaq Stockholm: YUBICO) is a modern cybersecurity company on a mission to make the internet safer for everyone. As the inventor of the YubiKey, we set the gold standard for modern phishing-resistant, hardware-backed authentication, stopping account takeovers and making secure logins simple.

Since 2007, we’ve helped shape global authentication standards, co-creating FIDO2, WebAuthn, and FIDO U2F, and introduced the original passkey. Today, our passkey technology secures people and organizations in over 160 countries—transforming how digital identity is protected from onboarding to account recovery.

Trusted by the world’s most security-conscious brands, governments, and institutions, YubiKeys work out of the box with hundreds of apps and services, delivering fast, passwordless access without friction or compromise.

We believe strong security should never be out of reach. Through our philanthropic initiative, Secure it Forward, we donate YubiKeys to nonprofits supporting at-risk communities.

Dual-headquartered in Stockholm, Sweden and Santa Clara, California, Yubico is proud to be recognized as one of TIME’s 100 Most Influential Companies and Fast Company’s Most Innovative Companies. Learn more at www.yubico.com.

Yubico Communications Team
press@yubico.com

Source: Yubico