A recent survey of IT leaders and key decision-makers revealed that more than half believe passwords are too weak for security purposes — with staff stuck entering passwords, on average, 12 times a day.
Although password managers have gone some way in addressing security concerns like length and the uniqueness of passwords, there's a growing feeling that password security is still a huge business risk. Microsoft, Google, and Apple agree — having recently committed to expanding support for passwordless logins.
Importantly, almost all IT leaders agreed that password security is a cultural issue, one that can only be solved by those at the top of the food chain.
IT Leaders Pass on Passwords
The survey on password security, commissioned by Ping Identity and Yubico, sought answers from over 600 IT professionals in leadership positions in the US, UK, France, Australia, and Germany. The results are a damning indictment of the state of data security, and more specifically passwords.
Half of the IT leaders admitted outright that passwords are too weak for security purposes. However, an even bigger percentage — 84% — said that passwords are “deceptively weak”, a number which was mirrored in the US dataset.
Worryingly, while 65% of respondents said their organization is completely or very likely to adopt passwordless authentication in the future, only a fifth (19%) said their company had already made plans to do so. High uptake is crucial to making systems more secure, and, considering 92% of respondents believe that hybrid working has caused people to be less cautious with passwords, these changes have never been more pressing.
Passwords Are a Hassle
As well as being a weak form of data security, passwords are also a hassle for employees, although these two aspects of passwords are inextricably linked.
Swapping to passwordless authentication would not only make things more secure, but it could potentially save time too. According to the survey, 32% of IT leaders estimate that passwordless authentication would free up an extra 30 minutes of time if it was adopted in their organization. On average, the survey respondents said that their employees were stuck entering passwords 12 times a day — which could have a direct impact on productivity.
It has a domino effect too — an average of 33% of IT tickets are related to passwords, and for 21% of IT leaders, 50% or more of their tickets are password related.
What is Passwordless Authentication?
Passwordless authentication is any kind of authentication process that doesn't involve passwords. At present, the most widely used methods of passwordless authentication are verification via a secondary device or some sort of biometric authentication.
Because passwords have been the modus operandi of account security since the early stages of the internet, cybercriminals have a number of different methods for bypassing them — like brute-forcing — and they know how to exploit people's bad habits.
Credential stuffing is one of the easiest ways for attackers to break into multiple accounts belonging to one person: once a single password is compromised, chances are it has been reused on at least one more website, portal, or software program.
What About Password Managers?
As the survey results show, the adoption of passwordless methods of authentication is by no means widespread, and it will take a while before it's rolled out more widely. Until it is, password managers are easily the best solution.
Password managers will give you the freedom to create long, unique passwords for every account you own. If you're not repeating passwords, credential stuffing becomes obsolete, and if they're sufficiently long, brute-forcing becomes much less of a risk, to name just two threats that password managers alleviate.
Whether they'll always be the optimum bit of tech for securing your accounts is one thing, but it does seem like the tech community is starting to think twice about the pros of passwords.