A new industry study reveals that half of cloud professionals surveyed are frustrated with password hygiene requirements. But the experts want to stick to the passwords, although there are secure alternatives with MFA. A survey at Cloud Expo Europe provides information.
Even most cloud professionals still cling to the use of passwords, despite their well-known security vulnerabilities, their value as a target for cybercriminals, and widespread user frustration with the complexity of proper password management. That's according to a new industry study by Beyond Identity.
Passwords: Cloud professionals believe in security effectiveness
The survey of more than 150 cloud industry professionals, conducted at the recent Cloud Expo Europe, found that more than four-fifths (83 percent) of cloud professionals believe in the security effectiveness of passwords, with more than a third ( 34 percent) indicate that they are very confident in passwords. And this despite the fact that insecure password practices regularly lead to cyber attacks worldwide - 80 percent of all breaches can be traced back to compromised identities.
Widespread user frustration with password hygiene
However, the study also revealed a number of frustrations about sanitation requirements for password-based systems. More than half of the respondents (60 percent) find it frustrating to have to remember multiple passwords, 52 percent bother that they have to change their passwords regularly, another 52 percent are frustrated that they choose long passwords with numbers and symbols must.
The number of passwords used daily by cloud professionals further underscores these challenges: A quarter of respondents (26 percent) use four to five passwords. 10 percent even use ten or more passwords every day. In addition, many companies require frequent password changes: 38 percent recommend quarterly updates, 27 percent monthly changes, and XNUMX percent even daily or weekly changes. This tedious task brings only minimal security benefits.
Phishing: Cyber criminals hunting for passwords
The survey also shows the value of passwords as a target for cybercriminals with the prevalence of phishing attacks. When asked if they've ever received a phishing email that they've reported to their security team, more than a third of cloud professionals said they had one to three, 18 percent four to six, and almost a quarter ( 23 percent) marked seven or more. Worse still, 11 percent received a phishing email but didn't flag it, and a fifth (20 percent) of respondents just aren't sure they've accidentally clicked on a phishing link before. In addition, almost a fifth (19 percent) said colleagues have clicked on a phishing email, and more than a quarter admitted to having done so themselves. Eleven percent said it happened more than once and five percent even regularly.
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
Confidence in passwords despite security risks
Chris Meidinger, Beyond Identity, Technical Director, EMEA (Image: Beyond Identity).
Despite ongoing attacks on credentials and frustration with password hygiene requirements, the majority of cloud professionals (74 percent) still believe that changing passwords regularly is good cybersecurity practice. Most cloud organizations (82 percent) use multi-factor authentication (MFA) as an additional layer of authentication, with the most popular MFA being a mobile authenticator app.
When asked about their opinion on MFA, the general opinion was positive, with more than half (55 percent) saying they were “very confident” in this security measure. Despite an alarming number of successful MFA bypass attacks over the last year, most notably in the high-profile cases from Coinbase, Twilio, Reddit, Uber, and Okta.
More at BeyondIdentity.com
About Beyond Identity Beyond Identity revolutionizes secure digital access for internal employees, external and outsourced employees, customers and developers. Beyond Identity's Universal Passkey architecture provides the industry's most secure and frictionless multi-factor authentication, preventing credential-based security breaches, ensuring device trust, and enabling secure and frictionless digital access that completely eliminates passwords.