Yubico’s new report, ‘The 2019 State of Password and Authentication Security Behaviours’, shows passwords continue to trip up users and compromise security, let alone upgrade them to more secure multi-factor
Yubico makes the YubiKey, a physical USB key that helps secure any devices and accounts with passwords. Our review says it is a no-brainer for enterprises to implement but perhaps a little complex for Joe and Jane Average – although not beyond them.
Back to the Yubico report
Ponemon Institute surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and
The purpose was to understand the beliefs and behaviours surrounding password management and authentication practices both in the workplace and at home.
The goal was to understand if these beliefs and behaviours align, and why or why not.
The conclusion is that despite the increasing concern regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short. Both parties are in dire need of solutions that will offer both added security and convenience.
Stina Ehrensvard, CEO and Founder,
“For decades, passwords have been the primary method of authentication used to protect data and accounts from unauthorised access. However, this multi-country research illustrates the difficulties associated with proper password hygiene. With every new password breach that we see, it’s increasingly clear that new security approaches are needed to help individuals manage and protect their accounts both personally and professionally.”
Perhaps a bit prophetic, given these comments were made just before the latest release of 2.2 billion users’ emails and passwords in Collection #2-5.
All surveys can ‘prove a point’, but Ponemon does not go there. It found:
64% have become more concerned about the privacy and security of their personal data over the past two years. They are most concerned with Social Security number or citizen ID, payment account details and health information. The reasons:
59% potential for government surveillance
51% the growing use of mobile devices
40% the growing use of connected IoT devices and voice control
47% say their companies are most concerned about protecting customer information
45% say they are most concerned about protecting
As cyber attacks become more prevalent, vulnerabilities created by poor password and authentication practices lead to attacks such as phishing.
51% had a phishing attack in their personal life
44% had a phishing attack at work. While phishing attacks are frequent, 57% have not changed their password behaviours.
69% admit to sharing passwords with their colleagues in the workplace to access accounts. Remember the golden rule – Only one person can keep a secret.
51% reuse an average of five passwords across their business and/or personal accounts.
A username and password is the ‘norm’. What about more protection?
67% do not use any form of two-factor authentication in their personal life
55% do not use it at work
Ponemon says that we need new security approaches to help manage and protect private and business
Yubico points out (as you would expect) that the average person spends 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords. And because managing passwords is such a chore, 57% would like password-less logins to protect their identity. Enter YubiKey.