84% of IT Leaders Think Passwords are “Deceptively Weak”

Staff are stuck entering passwords 12 times a day - could your password problems be impacting productivity?
Aaron Drapkin

A recent survey of IT leaders and key decision-makers revealed that more than half believe passwords are too weak for security purposes with staff stuck entering passwords, on average, 12 times a day.

Although password managers have gone some way in addressing security concerns like length and the uniqueness of passwords, there's a growing feeling that password security is still a huge business risk. Microsoft, Google, and Apple agree having recently committed to expanding support for passwordless logins.

Importantly, almost all IT leaders agreed that password security is a cultural issue, one that can only be solved by those at the top of the food chain.

IT Leaders Pass on Passwords

The survey on password security, commissioned by Ping Identity and Yubico, sought answers from over 600 IT professionals in leadership positions in the US, UK, France, Australia, and Germany. The results are a damning indictment of the state of data security, and more specifically passwords.

Half of the IT leaders admitted outright that passwords are too weak for security purposes. However, an even bigger percentage 84% said that passwords are “deceptively weak”, a number which was mirrored in the US dataset.

Worryingly, while 65% of respondents said their organization is completely or very likely to adopt passwordless authentication in the future, only a fifth (19%) said their company had already made plans to. To make our systems more secure a high uptake is crucial and, considering 92% of respondents believe that hybrid working has caused people to be less cautious with passwords, the timing of these changes has never been more pressing.

Passwords Are a Hassle

As well as being a weak form of data security, passwords are also a hassle for employees—  although these two aspects of passwords are inextricably linked.

Swapping to passwordless authentication would not only make things more secure, but it could potentially save time too. According to the survey, 32% of IT leaders estimate that passwordless authentication would free up an extra 30 minutes of time if it was adopted in their organization. On average, the survey respondents said that their employees were stuck entering passwords 12 times a day — which could have a direct impact on productivity.

It has a domino effect too an average of 33% of IT tickets are related to passwords, and for 21% of IT leaders, 50% or more of their tickets are password related.

What is Passwordless Authentication?

Passwordless Authentication is any kind of authentication process that doesn't involve passwords. At present, the most widely used methods of passwordless authentication are verification via a secondary device or some sort of biometric authentication.

Because passwords have been the modus operandi of account security since the early stages of the internet, cybercriminals have a number of different methods for bypassing them like brute-forcing and they know how to exploit people's bad habits.

Credential stuffing is one of the easiest ways to break into multiple accounts someone owns if you can guess one password, chances are, they've reused it on at least one more website, portal, or software program.

What About Password Managers?

As the survey results show, the adoption of passwordless methods of authentication is by no means widespread, and will take a while to before it's rolled-out more widely. Until it is, password managers are easily the best solution.

Password managers will give you the freedom to create long, unique passwords for every account you own. If you're not repeating passwords, credential stuffing becomes obsolete, and if they're sufficiently long, brute-forcing becomes much less of a risk, to name just two threats that password managers alleviate.

Whether they'll always be the optimum bit of tech for securing your accounts is one thing, but it does seem like the tech community is starting to think twice about the pros of passwords.

This article was last updated on:
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals