By Dan Conrad, AD Security and Management Team Lead at One Identity
Authentication is one of the hottest topics in cybersecurity right now. As biometrics, MFA, and a range of other authentication methods continue to threaten the password’s supremacy, we thought it was worth finding out what industry professionals thought about it all.
So that’s what we did. At InfoSecurity Europe 2022, One Identity surveyed more than 100 security and IT professionals to get a picture of how businesses and their employees approach passwords and authentication.
When asked what they consider the biggest security threat to their business, 56 percent of respondents said they believed it to be users sharing passwords for admin tasks. If that isn’t an argument for passwordless authentication, we’re not sure what is. This was followed by 25 percent of respondents believing that the biggest security threat was users clicking on malicious links or opening rogue attachments. Collectively, this means that 80 percent of respondents believe that human error poses the largest threat to an organization’s security.
Interestingly, while the majority (62 percent) viewed educating staff as the most important factor in preventing cyber-attacks, a rapidly growing segment (30 percent) stated that adopting a zero-trust model was more important.
Moving on to multifactor authentication, we are met with some heartening statistics. 99 percent of respondents told us that their company had adopted MFA for remote access and 97 percent said that it was mandated. This confirms what we already knew – that the password as a standalone authentication method is obsolete.
When looking into users’ connections to passwords, we see some interesting results. While just over a quarter of respondents had an emotional connection to a password (28 percent), the majority said they had a favorite password (84 percent). We can infer from this that while most people don’t reuse passwords for sentimental reasons, they likely do for practical reasons. It is concerning that IT and security professionals, people who are more aware than anyone of the dangers of reusing passwords, persist in this bad habit.
This is yet another mark against the use of traditional passwords – if those in the know aren’t following best practices, how can we expect the layman to? The reality is modern users have so many accounts that it is no longer practical to create and remember a new password for every one they set up. We’ll chalk this one up as another point in support of modern authentication methods, which eliminate these problems.
While it’s clear that users are reusing passwords, it turns out that most respondents are at least adding complexity to their passwords depending on a system’s importance (96 percent). Perhaps unsurprisingly, 76 percent saw banking or financial services as requiring a top-tier password, but only 7 percent thought that work emails were deserving of the same protection. This may be an understandable perspective but doesn’t bode well for organizations that routinely share sensitive information through email.
Finally, we make it to how IT and security professionals are storing their passwords. Here, at least, we get some more heartening statistics:
- 65 percent of respondents said they used password managers, which is generally regarded as the safest and most convenient way to keep passwords
- 23 percent said they wrote their login details down somewhere, which, while not ideal, is safer than using one password across multiple accounts
We did, apparently, come across some cyber-savants claiming they could remember all their login details, but if anything, this suggests that they are reusing passwords for an alarming number of accounts.
The key takeaway here is that the password is on the way out. These results serve as further proof that traditional passwords by themselves are no longer fit for purpose – even leaders in the IT security space fail to follow best practices simply because it isn’t convenient. We’ve seen that businesses are implementing and mandating alternative authentication methods en masse, and it won’t be long before this trend trickles down to the rest of society.