To highlight issues concerning poor password management and the consequences it brings, we've summed up some insightful password statistics and facts based on fresh studies.
The world of passwords we live in has made users indifferent to the security that passwords are meant to provide. They take a shortcut and use the simplest strings that are easy to remember – but, more worryingly for enterprises, those strings are easy to crack as well.
Although it is an upgrade from "qwerty", securing your online and offline accounts with information that is easily found through a quick Google search, such as your name and DOB, is not much of an improvement.
Password sharing leads to both security and business issues. Netflix is a good example of a streaming platform that lost revenue due to unofficially shared accounts, as well as incurring customer support costs from password reset tickets raised when an account is compromised. Moreover, a user with bad intentions who has access to someone else’s account could easily compromise access to other services, which often require the same credentials that the fraudster already holds.
This information goes to show how counting on the individual user's reaction is not an option. An incident at Slack is a good example of how the post-incident period should be handled. The company sent out a password reset email to all users who were suspected to be affected during the security incident. Although the approach is more reactive than proactive, it was certainly a good decision to take the matter into the company's hands and block access to the service with credentials that are known to be compromised.
50% of IT professionals state that they reuse passwords across multiple accounts, both business and personal. Also, despite their security knowledge, the same percentage of average users and IT professionals admit to sharing passwords.
A survey by Google shows a lack of understanding in terms of online security. The users are not provided with enough resources to protect their accounts by implementing standard security measures. With the rapid development and regulation concerning MFA, businesses must ensure that the average user is familiar with additional security measures and benefits provided by 2FA.
A study by Verizon, concerning breaches involving hacking, states that 80% of breaches are caused by passwords. The most common methods for compromising accounts are lost or stolen credentials and brute force attacks.
A study by Ponemon Institute finds that more than half of the respondents want passwords out of the picture. The research also states what motivates users to switch to alternative authentication methods. They recognize that passwords provide insufficient security levels, they're frustrated with frequent password resets, and they don't enjoy the overall user experience the password provides.
The average user is aware of today's cybersecurity threat landscape. Along with enabling a smooth user experience, companies also need to gain the user's trust in terms of implemented security measures.
In addition, a Google online security survey states that 13% of users use the same password for all accounts, including their email.
Companies dealing with sensitive data such as personal and financial information need to enforce secure password management policies. Implementing password-based authentication without requiring mandatory password renewals opens doors for brute force attacks based on exposed user credentials. Protecting your account with the same string of characters can soon prove to be a mistake.
That is 280 days of detecting and mitigating security implications, contrary to devoting the same amount of time to building a rock-solid security infrastructure. As mentioned, 80% of data breaches are caused by passwords. By eliminating passwords through the implementation of sophisticated means of authentication, you're investing in bulletproof security and reducing data breach-related costs.
Password manager apps come in handy in such cases. But what if a bad actor gains access to the password manager? Moreover, what if the password manager requires another password to protect the ones that are stored on the app? We'd end up in an endless loop of passwords and password managers.
LastPass warns us how users tend to make a U-turn in case they're aware that they won't be able to access an account on their first attempt. They turn their heads to the competition, possibly offering more sophisticated means of authentication than the standard password.
The same study by Ponemon Institute also reveals that 55% of users have the same beliefs regarding passwordless authentication.
The numbers above show that passwords make for a weak security infrastructure and cannot be relied upon. It is no longer a matter of whether an account will be compromised; the question is when the account will be compromised. A proactive approach that simultaneously heightens security, implements MFA, and eliminates passwords lies in passwordless authentication. To get more insight into how passwordless authentication works and what business benefits come with it, take a look at our latest blog post.
In case you're curious, feel free to contact us - zero obligation. Our ASEE team will be happy to hear you out.