Today, Yubico released its second annual State of Password and Authentication Security Behaviors Report, conducted by Ponemon Institute. The study surveyed 2,507 IT security practitioners in Australia, France, Germany, Sweden, the United Kingdom, and the United States, as well as 563 individual users.
Last year’s report strictly focused on IT security professionals and their password and authentication behaviors and beliefs, so in this year’s report we were curious to see if any of these habits improved. Additionally, we wanted to see how their security practices or preferences compared to the individual users — employees and customers — that IT professionals are serving.
Ultimately, we discovered that both IT practitioners and individuals are engaging in risky security practices. Password problems continue to prevail, two-factor authentication (2FA) lacks adoption, and mobile use introduces a new set of security challenges and complexities.
- 50% of IT respondents and 39% of individual users reuse passwords across workplace accounts.
- 59% of IT security respondents report that their organization relies on human memory to manage passwords.
- 42% of IT security respondents report that their organization relies on sticky notes to manage passwords.
- Less than half (46%) of IT professionals require the use of 2FA to gain access to corporate accounts.
- 62% of organizations don’t believe that they take the necessary steps to protect information on mobile devices.
What’s also interesting about this year’s report is that we can see the gaps between the solutions and technologies that IT security respondents are implementing and the preferences of individual users.
- 37% of organizations that implement 2FA to secure business accounts rely on mobile authentication apps and 28% rely on SMS codes.
- 23% of individuals believe SMS or mobile authentication app 2FA methods are very inconvenient.
- 56% of individuals will only adopt new technologies that are easy to use and significantly improve account security.
- 56% of individuals who use a personal device to access work-related items don’t use 2FA.
These findings underscore the need for easy-to-use and highly secure solutions for IT professionals and individual users to reach a safer future together. The good news is that we are well on our way with the growing adoption of FIDO and WebAuthn open standards. Today, WebAuthn is supported in all major platforms and browsers, bringing the benefits of security keys and the promise of passwordless login to millions around the world — two solutions that both IT and individual respondents rated as desirable.
See our infographic below for a high-level view of some of the most salient findings.
To download the full research report and infographic, please visit yubico.com/authentication-report-2020. To learn more about cybersecurity trends on the path to digital transformation, sign up for the upcoming Yubico webinar on March 18 at 10 a.m. PST.