itb-nz logo
Story image

Yubico report reveals troubling password behaviour

30 Jan 2019

Yubico, the provider of hardware authentication security keys, has released th results of the company’s 2019 State of Password and Authentication Security Behaviours Report, conducted by the Ponemon Institute. 

The Ponemon Institute surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France, although the results have global implications.

Yubico states that the purpose of this study is to understand the beliefs and behaviours surrounding password management and authentication practices for individuals both in the workplace and at home. 

It adds that the goal was to understand if these beliefs and behaviours align, and why or why not. 

The conclusion is that despite the increasing concern regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short. 

Both parties are in dire need of solutions that will offer both added security and convenience.

“For decades, passwords have been the primary method of authentication used to protect data and accounts from unauthorised access. However, this multi-country research illustrates the difficulties associated with proper password hygiene,” says Yubico founder and CEO Stina Ehrensvard. 

“With every new password breach that we see, it’s become increasingly clear that new security approaches are needed to help individuals manage and protect their accounts both personally and professionally.”

Key findings from this research include:

  • 63% of respondents say they have become more concerned about the privacy and security of their personal data over the past two years. Respondents reported being most concerned with Social Security number or citizen ID, payment account details and health information.

The reason respondents reported being more concerned about their privacy was due to government surveillance (59%), and the growing use of mobile devices (51%) and connected devices (40%).

  • Almost half of the respondents (47%) say their companies are most concerned about protecting customer information and 45% of respondents say they are most concerned about protecting employee information. 
  • As cyber attacks become more prevalent, vulnerabilities created by poor password and authentication practices lead to attacks such as phishing. More than half of respondents (51%) say they have experienced a phishing attack in their personal life, while 44% of respondents have experienced a phishing attack at work.

However, while phishing attacks are occurring on a frequent basis, 57% of respondents who have experienced a phishing attack have not changed their password behaviours.

  • Approximately two out of three respondents (69%) admit to sharing passwords with their colleagues in the workplace to access accounts and more than half of respondents (51%) reuse an average of five passwords across their business and/or personal accounts.

Furthermore, added protection beyond a username and password, in the form of two-factor authentication, is not widely used. 67% of respondents do not use any form of two-factor authentication in their personal life and 55% of respondents do not use it at work.

  • It is increasingly clear that new security approaches are needed to help individuals manage and protect their passwords both personally and professionally. On average, respondents report having to spend an average of 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords.

Based on the average headcount in this research of almost 15,000, we estimate the annual cost of productivity and labour loss per company averages $5.2 million annually.

  • Because managing passwords is inconvenient and cumbersome, 57% of respondents expressed a preference for passwordless logins that protect their identity. 56% of respondents believe that a physical hardware token offers better security.

Beyond the above-listed highlights, the full 2019 State of Password and Authentication Security Behaviours Report delivers further statistics based on the following themes.

  • How privacy and security concerns affect personal password practices
  • Risky password practices in the workplace
  • Authentication and account security in organisations
  • Differences in password practices and authentication security behaviours by age
  • Differences in password practices and authentication security behaviours by country

Data for this survey was collected by Ponemon Institute on behalf of Yubico. 

Ponemon Institute was responsible for data collection, data analysis and reporting.  

Ponemon Institute and Yubico collaborated on the survey questionnaire. 

All survey responses were captured from August 20 to September 4, 2018.

Story image
From 1G to 5G: How innovations in cellular have shaped our lives
As we look to the present decade from 2020 onwards, 5G will be at the forefront. The race for 5G is not about merely deploying new infrastructure, but getting the first-mover advantage in who can build and take the leadership role in the host of new applications and services that 5G will enable.More
Story image
Case study: MECCA has HCM makeover with Workday
The phased HCM makeover began in 2017, when the company made the decision to launch a three to five-year program to digitalise its human capital management technology so that it could simplify everyday requirements for its team members and enable them to self-serve. More
Story image
Frost & Sullivan: Nine growth opportunities out of COVID-19
As the industry has been reshaped by the global pandemic, a new report outlines how to stay ahead in the digitally-driven future.More
Link image
Track, analyse, act: The e-commerce metrics you need
E-commerce technology leaders need to track, analyze, and act on large volumes of business and system performance data. Danny Miles, the CTO of Dollar Shave Club, shares a powerful framework for thinking about and prioritizing e-commerce metrics.More
Download image
Equinix study: Firms turn to NFV to support distributed networks
Decision-makers looking for a solution that virtualises a wide range of network functions should evaluate NFV, study finds.More
Story image
Transform your home office tech to look and sound like a pro
AVerMedia's Live Streamer Cam and the AM310 USB Microphone could be exactly what you need.More