Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

One in four Brits use pets, kids or favourite football team name as passwords, Beyond Identity study reveals

May 2022 by Beyond Identity

One in four British people use the names of pets, children or their favourite football team in passwords. This is according to a study from the invisible multi-factor authentication (MFA) provider Beyond Identity, which quizzed 1,000 British people about password hygiene, highlighting the common pitfalls associated with password usage.

Passwords, not just weak passwords, leave users vulnerable to attack and are one of the most popular ways for criminals to hack into both business networks and consumer accounts. In fact, the Verizon 2019 Data Breach Investigations Report found that 80% of hacking-related breaches leveraged weak and compromised passwords. Beyond Identity’s own study revealed that 5% of respondents said their password had been breached more than 10 times.

These findings also suggest that many users are still either following outdated password protocols or ignoring best practice in security access management altogether. This is highlighted by the fact exactly half of respondents admitted that they still reuse passwords and 14% share passwords with co-workers.

A further (26%) of respondents admitted to not using strong and unique passwords for their varying work applications and worse still, one in ten (11%) never change their work password. Around a quarter, 24% maintain the same personal passwords.

Tom Jermoluk, CEO of Beyond Identity, said: “Password security practices are redundant, but users continue to follow these and it’s easy to apportion blame onto the user when ultimately, organisations should stop encouraging password usage. Passwords are not a reliable way to protect against attack and it’s about time users recognised the need to move beyond passwords as they are no more than a security liability leaving users vulnerable to attack.”

The survey also found that when it comes to storing passwords, 20% of respondents wrote them down, one in 10 (10%) stored them in .doc files on their computer and 7% emailed passwords to themselves. This is hugely detrimental considering the insecurities presented with storing and saving passwords, particularly with so many alternative security and access solutions available.

When asked if the length and complexity of a password was a sign that it was secure, 91% of UK people agreed, whilst 87% agreed that changing passwords more regularly made their applications safer.

A total of 76% of surveyed respondents agreed that they use random words, not including any personal phrases, in their passwords. However, 6% said they “strongly disagreed” with this statement and 17% disagreed that they use random words despite this being encouraged as a security practice.

“Passwords are fundamentally insecure. Whether users regularly change their passwords, or extend the length, it doesn’t matter if your password is 10 or 1000 characters long, or contains numerous symbols - if a user is tricked by a phishing email for example, the complexity of their password is irrelevant. As long as passwords are being used, they will be stolen and breached” Jermoluk added.

Despite all this, 70% of Brits surveyed believe their work and personal passwords to be very secure, with 1% saying they are “not secure at all”. However, the largest companies in the study had more than 5,000 employees, which means they could have 50 staff with insecure passwords at any one time – which is more than enough to pose a threat to the organisation’s security.

Positively, the survey also revealed changing attitudes to authentication technologies with half (52%) of respondents noting they would feel more secure using biometrics or other forms of authentication than passwords. This is a huge step forward as businesses begin to recognise the need for alternative solutions to password protection.

“Organisations need to make a concerted effort to ensure their authentication processes are more secure. The best way to solve the problem with passwords is to abolish them altogether. Gartner predicts that 60% of large and global enterprises and 90% of midsize enterprises will implement passwordless protections by 2022, turning to MFA and other security solutions in more than 50% of use cases. Passwordless, unphishable multi-factor authentication means the risk of password-based attacks is eliminated”, said Jermoluk.




See previous articles

    

See next articles