A survey of 1,010 employees reveals common mistakes and problems related to passwords. 45 percent of employees in German companies would like an alternative to the password.
Almost every fifth German uses the names of pets, children or their favorite football club as passwords. This is according to a study by Beyond Identity, the invisible multi-factor authentication (MFA) provider. More than 1,000 German employees were asked about password hygiene, and the survey reveals the most common mistakes made when using passwords.
The most important results at a glance
- 42 percent of those surveyed have experienced their password being compromised more than twice.
- Only 52 percent of Germans consider their professional and private passwords to be very secure.
- Every fourth person always uses the same personal passwords.
- Every third person writes their professional passwords on a piece of paper.
Passwords – and not just weak ones – leave users vulnerable and are one of the most popular ways for criminals to hack into corporate networks and personal accounts. This is also confirmed by the Verizon 2022 Data Breach Investigations Report, according to which 80 percent of hacker attacks are due to weak and compromised passwords. The current survey by Beyond Identity has also shown that almost everyone has had their password cracked at some point: 42 percent of those surveyed had already been affected more than twice, and 7 percent had been affected more than ten times.
The same password is often used
The results show that many users are either still using outdated password protocols or are completely ignoring best practices for access management. This suspicion is underscored by the fact that half of respondents admitted they continue to reuse passwords or use the same ones across accounts, and 14 percent share their passwords with colleagues. Another 26 percent said they don't use strong and unique passwords across their various work applications. What is particularly startling, however, is that one in ten (11%) never change their work password.
Tom Jermoluk, CEO of Beyond Identity, says: “Password security practices are obsolete, but users continue to adhere to them. So it's easy to blame them when companies shouldn't be encouraging the use of passwords anymore. Passwords do not offer reliable protection against attacks and it is time that users realized that they need to say goodbye to passwords as they are just a security hole and leave users vulnerable to attacks.”
When a post-it is preferred to a password manager
The survey also shows some negligence when it comes to saving and passing on passwords: One in three writes down their password for work, 9 percent save passwords in a file on their computer and 8 percent even send them by e-mail. Considering that numerous convenient alternative security and access solutions are available these days, this behavior is all the more incomprehensible.
Passwords are insecure, no matter how long and complicated they are
When asked whether the length and complexity of a password is a sign of its security, 86 percent of Germans agreed, while 81 percent believed that changing passwords regularly increases the security of their applications.
A total of 68 percent of those surveyed revealed that they use random words for their passwords that have no personal connection. However, another 22 percent do not follow this well-known safety recommendation.
“Passwords are inherently insecure, regardless of whether users regularly change or renew their passwords. It also doesn't matter if the password is 10 or 1000 characters long or contains numerous symbols. For example, if a user is fooled by a phishing email, the complexity of their password is irrelevant. As long as passwords are used, they will also be stolen and cracked,” explains Jermoluk.
Biometrics are becoming more and more accepted
On a positive note, attitudes towards authentication technologies have changed: 45 percent of respondents said they felt more secure using biometric or other forms of authentication than passwords. It is all the more important that companies begin to recognize the need for alternative password protection solutions and implement them across the board.
“Companies must work together to make their authentication processes more secure. The best way to solve the password problem is to get rid of them altogether,” says Jermoluk. Gartner predicts that by 2022, 60 percent of large and global enterprises and 90 percent of midsize companies will implement passwordless protection and rely on MFA and other security solutions in more than 50 percent of use cases. “Passwordless, tamper-proof multi-factor authentication means the risk of password-based attacks is eliminated,” says Jermoluk.
More at BeyondIdentity.com
About Beyond Identity
Beyond Identity provides an invisible, untamperable MFA platform that is fundamentally changing the way the world logs in and authenticates. This not only stops ransomware and account takeover attacks immediately, but also significantly improves the user experience. Beyond Identity's state-of-the-art platform eliminates the need for passwords and other manipulable factors, allowing organizations to reliably verify the identity of their users.