Yubico Releases the 2019 State of Password and Authentication Security Behaviors Report

In conjunction with Data Privacy Day, Yubico is releasing today new research in a report entitled, The 2019 State of Password and Authentication Security Behaviors Report, conducted by Ponemon Institute. The findings reveal that despite a growing understanding of security best practices, user behavior is still falling short. The problem? Passwords continue to trip up users and compromise security and many users are not taking advantage of stronger two-factor authentication solutions that are available.

The annual Data Privacy Day initiative, led by the National Cyber Security Alliance (NCSA), has grown in popularity each year — and with good reason. Massive data breaches like the recent Collection #1 continue to happen. With nearly 773 million records exposed, including email addresses and passwords, Collection #1 is one of the largest breaches to date; and yet, are individuals taking the actions needed to protect their online accounts? According to the report findings, it appears not.

Are we becoming more security-minded, and better yet, are we following best practices? Some of the most interesting stats revealed that: (Click to Tweet your favorites!)

2 out of 3 (69%) respondents share passwords with colleagues to access accounts

51 percent of respondents reuse passwords across business and personal accounts

57 percent of respondents who have experienced a phishing attack have not changed their password behaviors

67 percent of respondents do not use any form of two-factor authentication in their personal life and 55 percent of respondents do not use it at work

57 percent of respondents expressed a preference for a login method that does not involve the use of passwords

Beyond the above listed highlights, the full 2019 State of Password and Authentication Security Behaviors Report delivers further data on the following topics:

How privacy and security concerns affect personal password practices

Risky password practices in the workplace

Authentication and account security in organizations

Differences in password practices and authentication security behaviors by age

Differences in password practices and authentication security behaviors by country (Germany, France, UK, USA)

To read more of the research highlights, please check out our infographic below or download our full research report here.

Ponemon

Talk to our teamTalk to our team

Share this article:


  • Securing the skies with YubiKeys: Insights on cyber resilience in the aviation industry and beyondIn an increasingly interconnected world, the landscape of cybersecurity is constantly evolving. Bad actors are becoming more sophisticated, leveraging tactics like phishing and ransomware to exploit human error and weak credentials. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises – especially those in high-stakes sectors like commercial […]Read morecyber resilienceEUmanufacturingQ&A
  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet