The average person now manages 120 personal passwords, down from a peak of 168 in 2024. NordPass's annual study, conducted on World Password Day, records the first decline since the firm began tracking credential volumes in 2020.
The survey, which polled 1,509 NordPass users in April 2026, attributes the reversal to two converging trends: the growing habit of authenticating through major identity providers (Google, Apple, Facebook) rather than creating new credentials, and the accelerating rollout of passkey support by services and platforms.
Work passwords fell by a proportionally similar margin. The average user in 2024 was managing 87 business-related passwords; that figure has dropped to 67 in 2026.
Karolis Arbačiauskas, head of product at NordPass, said the findings came as a surprise given that the overall number of digital services continues to expand. He attributed the decline to SSO adoption, passkey promotion, and Apple Face ID, noting that NordPass's own passkey offering may have contributed to the shift.
The data was a bit surprising, given the global growth in digital services and accounts," says Karolis Arbačiauskas, head of product at password manager company NordPass. "However, we have several ideas as to what might have caused the average count to go down. Users are increasingly opting for the convenience of logging in through single sign-on (SSO) with their primary account, such as Google, Apple, or Facebook. The growing adoption and promotion of password alternatives like passkeys, Apple Face IDs, and WebAuthn are also contributing to this long-awaited decline. Our own offering of passkeys may also have played a role in this trend."
The research carries a caveat. The raw password count has declined, but the number of accounts and associated credentials overall has not. Arbačiauskas flagged a specific risk in the SSO pattern: around 60% of Americans and Brits reuse passwords across accounts, which means single sign-on authenticated with a weak or repeated password concentrates rather than eliminates credential risk. Forgotten accounts present a separate exposure, because users often miss breach notifications for services they stopped using.
The data also marks a six-year progression. In February 2020, just before the pandemic, the typical user held around 80 passwords. That number climbed by 25% in the first eight months of lockdown and continued rising until this year. The 2026 study is the first to show a reversal.
Passkeys, which replace passwords with device-stored cryptographic keys and biometric authentication, remain Arbačiauskas's recommended path forward. He described them as currently the most secure and convenient authentication method available.
