
News & Views

The state of the password report

Hardware authentication security keys expert Yubico has announced the results of the company’s second annual State of Password and Authentication Security Behaviours Report, conducted by the Ponemon Institute.

According to the report, IT security professionals, who are expected to take the utmost precaution when it comes to security, aren’t much better than individual users: they engage in risky practices, including reusing and sharing passwords in the workplace, and accessing workplace apps from their personal mobile devices without using two-factor authentication.

Key UK findings from the research highlight how individuals report better security practices, in some instances, compared to IT professionals. Out of the 35% of individuals who report that they have been the victim of an account takeover, over 75% changed how they managed their passwords or protected their accounts.

Nearly 55% of IT security respondents say their organizations have experienced a phishing attack, with another 9% of respondents stating that their organizations experienced credential theft, and 7% saying it was a man-in-the-middle attack. Yet, only 56% of IT security respondents say their organizations have changed how passwords or protected corporate accounts were managed.

Alarmingly, 45% of IT security respondents say their organizations don’t take necessary steps to protect information on mobile phones. With 51% of individuals reporting that they use their personal mobile device to access work-related items, 56% admit that they don’t use 2FA.

It seems that relying on human memory to manage passwords is favoured by 67% of IT security respondents, while 43% say that sticky notes are used. Only 34% of IT security respondents say that their organization uses a password manager, an effective tool to securely create, manage, and store passwords.

“IT professional or not, people do not want to be burdened with security – it has to be usable, simple, and work instantly,” said Stina Ehrensvard, CEO and Co-Founder, Yubico.  

“For years, achieving a balance between high security and ease of use was near impossible, but new authentication technologies are finally bridging the gap.  With the availability of passwordless login and security keys, it’s time for businesses to step up their security options.  Organizations can do far better than passwords; in fact, users are demanding it.”

The Ponemon Institute surveyed 2,507 IT and IT security practitioners in the United States, United Kingdom, Germany, France, Sweden and Australia, as well as 563 individual users, to better understand the differences in security behaviours and preferences between IT security practitioners and individuals.

The report can be downloaded from:
