Password Security Fears Strong Among IT Pros

The number of security breaches across the globe is increasing, and it seems every week another business is being hacked and passwords leaked. Smaller businesses are no longer immune to the effects, nor is any sector—the most recent Airbus hack shows that even the skies are not off-limits.

The Ponemon Institute, with multifactor-authentication vendor Yubico, surveyed more than 1,500 IT security practitioners in the United States, U.K., Germany and France to give an insight into beliefs and behaviors around password management and authentication. Despite our worsening state of online security, have practices improved?

Importance of Password Security

Passwords remain the most widely used authentication method, securing billions of data assets from personal to highly sensitive business data. A report from Cybersecurity Ventures found the number of passwords in use is expected to exceed 300 billion by 2020. It is no wonder that two-thirds of those surveyed firmly believe in the importance of securing passwords, and that over the past two years, their concerns have grown.

Data Protection and Privacy Concerns

Government intelligence and dwindling privacy are both critical factors respondents attribute to the increased importance of password security. Revelations by Edward Snowden and others about the level of snooping governments around the world are doing have resulted in a new level of concern and worry around data and privacy.

The rise in data theft and smarter phishing techniques also contribute to the heightened concern. IT professionals are cautious of what employees are clicking—and, as a third of all help-desk tickets relate to password issues, how much care they take in securing their privacy.

Creatures of Habit

The survey reveals that nearly half have experienced phishing attacks in the workplace and more than half in their personal lives, yet what is profound is that habits rarely change. Despite the near-misses, 57 percent reported that they have not changed their password behavior.

Utilizing self-service password reset software or password managers could have a significant positive impact on workplace security. Multi-factor authentication is another measure that can deliver real security value, but according to the National Cyber Security Centre, uptake in multi-factor authentication remains slow.

Financial Losses

The report found that on average businesses lose around $5.2 million annually in labor spent entering or resetting passwords. Combine this with the DigiCert report, which reveals more than 70 percent of employees use the same password for multiple systems, and it’s clear there is a definite disconnect between concerns over password security and execution in the workplace of practices to help. Two-thirds of respondents also admitted sharing passwords among colleagues, highlighting the disconnect further.

Education is a vital way to reduce and eliminate such practices and to reduce some of that loss. It can deliver the benefits of highly secure authentication methods, less downtime, fewer support calls and an added layer of security.

Challenges of Multiple Passwords

The number of passwords and credentials the average IT professional uses has increased over the years, so it is unsurprising that 51 percent of those surveyed find it challenging to manage so many.

Management techniques include spreadsheets and sticky notes, and 53 percent said they prefer to use memory. The report shows respondents’ reliance on heavily outdated and unreliable techniques, avoiding software alternatives that are more secure and proven to help mitigate weak security practices in the workplace, such as single sign-on and privileged password managers.

Taking Up Classical Methods

Despite the bleak outlook, a high number of IT professionals have taken up more classical approaches to password security. Sixty-nine percent of respondents utilize periodic password changes and more than 60 percent enforce minimum-length password policies and have eliminated the use of repeat passwords—techniques that have been around for more than 20 years. There is also an uptake in multi-factor authentication, with just under half of respondents having introduced it in the workplace.


The report shows there is still a chasm between our beliefs and our behavior; as our fears grow, our actions need to keep up. A combination of education and software can have a tremendous and positive impact on the workplace. Multi-factor authentication tools are getting smarter and more convenient, while identity management software is getting more accessible and risk-aware. All these options can help secure passwords, credentials, employees and the workplace.

Majid Latif


Majid Latif is a product manager at, specializing in password self-service and identity management solutions, to protect businesses and increase productivity. With over 20 years in IT security, Majid was also part of the team that built the first browser-based, open-source SSL-VPN, which was merged into the Barracuda Networks SSL-VPN.
