Yubico comments on passwords

​

The proliferation of poor password hygiene continues which is why World Password Day is still relevant.  Started by Intel in 2013, World Password Day is intended to encourage us to consider and improve our password practices.

“With our improved security awareness, some hoped last year’s World Password Day would be the last – but the reality is, we still have a long way to go,” says Nic Sarginson, Senior Solutions Engineer UKI&RSA at Yubico (www.yubico.com).

“Risky password and authentication practices are still rife in our professional and personal lives.  In fact, recent research (www.yubico.com/authentication-report-2020/) from Ponemon Institute found that UK IT professionals reuse their passwords across an average of ten personal accounts, while 39% of individuals and 58% of IT professionals have also done this across workplace accounts.”

“These security gaps point to the urgent need for additional layers of authentication tools – but to be successful, they must also be convenient.  Security keys are a great example of this.  They deliver phishing-resistant two-factor authentication (2FA) and a higher level of security than memorable words or SMS one-time passwords (OTPs).  Requiring employees to authenticate using a device – in addition to log-on credentials – will better protect networks, applications and data in the long run,” continues Sarginson.

“Gartner predicts (www.gartner.com/smarterwithgartner/embrace-a-passwordless-approach-to-improve-security/) most enterprises will implement passwordless methods in over 50% of use cases by 2022.  However, with the majority of people currently working remotely, there is a real possibility that COVID-19 could accelerate this passwordless adoption.  If that’s the case, security must absolutely be at the forefront of this change.”