Even though 9 out of 10 internet users in the U.S. consider themselves to be tech-savvy, a new study shows their password security and online safety habits prove otherwise — supporting the fact that more than 2,400 people each day report cybersecurity breaches.

The HighSpeedInternet.com study, “Password Security in 2025: Americans Aren’t as Tech-Savvy as They Think,” showed that internet users’ knowledge of pop culture actually exceeds their online security competency.

For example, the study found that 68% of respondents remembered the name of the coffee shop in the TV show Friends (Central Perk); 80% knew who Taylor Swift is dating (Travis Kelce); and 96% easily recognized the Target bullseye logo. However, only 23% of study respondents could identify the safest password combination in a list of provided options. And more than 75% of people aren’t managing their passwords safely.

“Far too many of us still rely on weak passwords, reuse login credentials across multiple accounts, or trust public Wi-Fi at the coffee shop for sensitive activities,” wrote Trevor Wheelwright in a post that summarizes the study’s findings.

The author explained that, while passwords should be unique, unidentifiable, and unguessable, the reality is that one in three people in the study use an important date or anniversary in their password. It is well-known that such passwords are easy for hackers to guess because the information is often publicly available.

Rather than using new, unique passwords for different accounts as recommended, 8 in 10 people don’t use unique passwords and 14% reuse the same password for nearly all of their accounts. This could enable cybercriminals to access multiple platforms.

According to the National Institute of Standards and Technology (NIST), frequent password changes are no longer recommended, as they may lead to risky habits like slightly modifying reused passwords.

Instead, NIST advises utilizing password managers to create robust, unique passwords for each account, updating passwords annually, and incorporating multi-factor authentication for improved security. However, only one-third of respondents reported adhering to best practices like using a password manager.

In addition, the study uncovered that while internet users should change their passwords following a data breach alert, only one in four people actually do it.

Online browsing habits were also found to be lacking in the HighSpeedInternet.com study. While most users understand the risks of accessing sensitive sites or entering critical credentials on public Wi-Fi, 20% of Americans still consider it secure enough for activities like banking or shopping if the site utilizes an https connection. However, https only provides an additional layer of security and should be approached with caution.

The study found that most people understand what a virtual private network is and how it helps them browse the internet more securely, but 4 in 10 don’t know what VPN stands for.