Yubico Report Finds Many Businesses Still Have Bad Password Behavior

Yubico Report Finds Many Businesses Still Have Bad Password Behavior

Yubico has released its second annual report on people’s Password and Authentication Behaviors. The 2019 edition of the report found that while many IT professionals are aware of the latest security protocols, many have not yet taken the steps necessary to make their workplace (or their home) more secure, largely due to matters of convenience. 

The new report shows that that trend continued into 2020. Both individuals and IT professionals reused the same password across multiple workplace accounts, with IT professionals doing so even more frequently (50 percent) than the general population (39 percent).

In many cases, businesses and IT professionals had also failed to update their bad behavior despite going through an adverse security event. Twenty percent of IT professionals had experienced an account takeover (compared to 35 percent of individuals), but only 65 percent of those professionals had changed their security practices as a result (compared to 75 percent of individuals). The findings were similar at the organizational level, with only 53 percent changing their password or account management settings when the business was compromised through a phishing attack, credential theft, or some other means.

Other practices were similarly out of date. Approximately half of all respondents had shared workplace passwords with their colleagues, and were resistant to password managers. Meanwhile, the majority of IT professionals (62 percent) indicated that their organization had not taken any steps to secure mobile devices that employees were using for work activities.

Despite their concerns about personal information, many organizations (25 percent) were also not planning to implement two-factor authentication for customer accounts. Of those, 47 percent indicated that it would create an undue hardship for their customers.

“People do not want to be burdened with security — it has to be usable, simple, and work instantly,” said Yubico CEO and Co-Founder Stina Ehrensvärd. “With the availability of passwordless login and security keys, it’s time for businesses to step up their security options.”

The report found that 56 percent of individuals would be willing to adopt security measures that were safer and more convenient than the existing alternatives. There was majority support amongst individuals and IT professionals for biometrics (respectively 53 and 65 percent) and hardware tokens (52 and 56 percent).

The report was conducted in collaboration with the Ponemon Institute, which surveyed more than 3,000 IT professionals and individual users from Australia, France, Germany, Sweden, the US, and the UK.