Germany ranks first in a recent global assessment of password exposure risk, with more than 360 compromised credentials per 100,000 residents, according to a study by email validation company ZeroBounce.
The study reviewed credential breach data from numerous countries and calculated per capita rates of password exposure.
Portugal and Australia followed Germany on the list, with significantly lower figures, while other countries with advanced digital infrastructures, such as the United States and the United Kingdom, were also included in the top 10.
The data suggest that countries with widespread internet access are not necessarily safer from security issues caused by password practices.
By focusing on the number of exposed passwords per 100,000 people, ZeroBounce said it aimed to better represent user behaviour rather than population-based volume.
The study explained that a country with a large population might show a higher total number of breaches, but that doesn’t always mean people are more careless.
At the regional level, Europe registered the highest rate of vulnerable passwords at 74.8 per 100,000 residents. This was nearly nine times greater than Asia and 18 times higher than Africa. North America showed intermediate exposure, with the US ranked sixth overall.
The analysis also identified localised password tendencies. In Italy, names of football teams are commonly used as login credentials, while in France, the keyboard sequence “azerty” is frequently selected. Global trends include the continued use of predictable patterns such as sequential numbers, names and birth dates.
ZeroBounce’s findings point to widespread reliance on simple passwords, despite the availability of more secure authentication tools. According to Verizon’s industry report, up to 80% of hacking-related breaches originate from stolen or weak login credentials.
The current threat environment has evolved with the use of AI-powered tools, allowing attackers to test large volumes of password combinations rapidly. Combined with the availability of previously exposed credentials online, this creates higher risks for individuals and organisations reusing passwords.
Vlad Cristescu, who leads ZeroBounce’s cybersecurity division, said basic steps such as using unique passwords, password managers, and multi-factor authentication remain effective if adopted consistently.
“Small changes go a long way – and lead to fewer problems down the line,” said Cristescu.
ZeroBounce emphasised that the problem lies not in the technology but in how it is used.
What are your thoughts on password security where you live or work? Join the conversation in the comments.
