Passwords are an affordable and easy way of authentication. Although passwords offer a high level of security, the fact is that they are a weak spot that threat actors frequently exploit to acquire access to internal systems and sensitive information. Brute force attacks are done to guess poor passwords, credential stuffing attacks become successful since people use the same passwords on several platforms, and staff members reveal their passwords by answering phishing email messages.
A lot of these attacks directed at passwords become successful since employees have unsafe password practices, for example using quick-to-remember passwords or utilizing identical passwords for several accounts. Businesses can do something to get rid of these bad password practices by giving employees security awareness training to teach them the best practices with regard to the use of passwords, implementing password complexity guidelines, and having a password manager; nevertheless, risk can be minimized, not eradicated completely. Employees will commit errors, and a few will elude the rules.
The best strategy for companies to get rid of password pitfalls is to get rid of passwords entirely and use passwordless authentication. What is passwordless authentication? It is a broad name covering several ways of authentication, such as biometrics, security keys, and specialized mobile apps. The challenge for companies is the high cost and difficulty of implementing passwordless authentication for the entire workforce.
50% of Companies Have Enforced Passwordless Authentication or Plan to
Bitwarden, a company that provides open-source password manager, has just released the report from its yearly password decisions survey, demonstrating that many companies are adopting passwordless authentication. 800 IT decision-makers from the US and UK across a variety of industrial sectors participated in the survey. The results showed more or less half of the survey respondents have either implemented or have plans to use passwordless systems. The primary advantages of passwordless technology were found to be enhanced security (41%), a better user experience (24%), greater productivity (19%) and reduced pressure on the IT department (17%).
Out of the companies that have begun to use the technology, 66% have 1 or 2 user groups or several teams utilizing passwordless systems, with 13% having completely used it throughout the whole organization. The most typical type used or under consideration by 51% of companies is the biometric factor including a fingerprint, facial recognition, or voiceprint technology. 31% used or are thinking of something a worker has, including a mobile phone, FIDO authentication or security key. 47% of survey respondents stated that FIDO2 was a crucial element of their passwordless usage.
The most frequently mentioned reason for not replacing passwords is the apps the businesses utilize aren’t made for use with passwordless authentication — an issue for 49% of companies that have not adopted passwordless. 39% stated end users opt for passwords or are unwilling to change, 28% stated they have no budget, 23% stated there was a problem with leadership, and 21% stated they had restricted talent and skills to put it into action.
It is possible to take a while before many companies can go completely passwordless, and for the time being, passwords will still be utilized. The survey showed that risky password practices are prevalent. Although 84% of survey respondents claimed they utilize password management programs, 54% stated passwords are kept in a file on their computer, 29% list them on paper, and more than 90% of survey respondents confessed to reusing
passwords, in spite of knowing the dangers. 36% use the same passwords on 5-10 websites, 24% use the same passwords on around 15 websites, and 11% use the same password on over 15 websites, which is the reason for the success of credential stuffing attacks. Thankfully, 92% of survey respondents stated they are utilizing 2-factor authentication at work compared to 88% of last year’s survey.
If asked why they feel people hesitate to utilize 2FA to keep accounts secure, 48% stated they don’t think people know the merits, 47% stated they believe passwords are good enough, and 41% stated they believe it’s because they won’t get hacked, with the same percent stating 2FA delays workflow.