A new study finds that 26 percent of UK respondents admit to not using strong and unique passwords for their various work applications.
Worse still, the report, from MFA provider Beyond Identity, shows 11 percent never change their work password, while almost a quarter (24 percent) maintain the same personal passwords.
The names of dogs, children and football teams remain popular password choices with one in four of the 1,000 people surveyed saying they use these. It’s perhaps not surprising then that five percent of respondents say their password has been breached more than 10 times.
“Password security practices are redundant, but users continue to follow these and it’s easy to apportion blame onto the user when ultimately, organizations should stop encouraging password usage,” says Tom Jermoluk, CEO of Beyond Identity. “Passwords are not a reliable way to protect against attack and it’s about time users recognized the need to move beyond passwords as they are no more than a security liability leaving users vulnerable to attack.”
When it comes to storing passwords, 20 percent of respondents write them down, one in 10 store them in .doc files on their computer and seven percent have emailed passwords to themselves.
There are some positive findings: a total of 76 percent of respondents say that they use random words, not including any personal phrases, in their passwords. Attitudes to authentication technologies are also changing, with over half (52 percent) of respondents saying they would feel more secure using biometrics or other forms of authentication than passwords.
“Organizations need to make a concerted effort to ensure their authentication processes are more secure. The best way to solve the problem with passwords is to abolish them altogether. Gartner predicts that 60 percent of large and global enterprises and 90 percent of midsize enterprises will implement passwordless protections by 2022, turning to MFA and other security solutions in more than 50 percent of use cases. Passwordless, unphishable multi-factor authentication means the risk of password-based attacks is eliminated,” adds Jermoluk.
You can read more on the Beyond Identity blog.