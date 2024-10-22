Cybersecurity Awareness Month : Are company over-reliante on user education? Yubico comment’s

October 2024 by Yubico

Cybersecurity Awareness Month is well underway, and while businesses appear to be doing more to help their customers take control of their digital safety, many may also be too reliant on them to heed security advice. Indeed, it’s important for users to keep abreast of the ever-evolving threats to their security and follow security recommendations. However, the primary responsibility in improving security for users lies with companies protecting their customers and employees. After all, if companies don’t offer stronger authentication methods, there is only so much that users can do to safeguard their own data.

Apple’s recent iOS 18 update* brought with it a built-in Passwords app that is now automatically installed on all iPhones that carry out the update. This is the company’s first password manager app, streamlining login and password management, making it easier to create and manage credentials across apps and websites.

However, while companies like Apple are making it easier to manage passwords, it is well known that although widely used, passwords are the least secure form of protection available and are often exposed in data breaches. Despite this, according to Yubico’s State of Global Authentication 2024 Survey**, 39 percent of respondents believe that simply using a username and password is the most secure way to protect accounts and information. In fact, a staggering 58 percent use only a username and password to protect their personal accounts.

While many web users are aware of the security vulnerabilities associated with their online accounts, they are not always aware of the strong authentication methods needed to protect their valuable personal information. In fact, 40 percent don’t think or aren’t sure if the online apps and services they are using are doing enough from a security standpoint to protect their data, accounts and personal information.

To combat this uncertainty and widespread lack of security, Niall McConachie, regional director (UK & Ireland) at Yubico, advises companies take a different approach to online security:

“The survey results show that, regardless of well-intentioned service upgrades, corporate cyber training, and customer education, consumers are still behind when it comes to following best-practice authentication methods to protect their data. Short of implementing a blanket ban on passwords across all online services, companies must be looking for ways to ensure that their authentication methods provide both high security and high convenience. Old habits die hard, so log-in processes must be made as simple as possible for consumers to forgo the passwords that they have used (and re-used) for so long.

“Ultimately, organisations must equip their employees and customers with phishing-resistant MFA and establish phishing-resistant account registration and user recovery procedures for all. This should be underpinned by using purpose-built and portable hardware security keys as the foundation for the highest-assurance security. Finally, organisations must employ technology-driven solutions that reduce the dependence on user education, while also providing essential education on the principles and advantages of phishing-resistant MFA for corporate and personal use.

“Secure authentication that protects users across all devices, platforms, and services no matter how they work is not a fantasy, but a necessity in today’s digital landscape. Phishing-resistance in registration, authentication, and recovery processes is absolutely vital for cultivating phishing-resistant users. Doing so enhances cybersecurity resilience, reduces reliance on reactive measures, and effectively safeguards sensitive data and operations. It all starts and ends with deploying the highest-assurance modern hardware security keys and saying goodbye to passwords and other weak authentication methods for good.”