Yubico has published the results of its 2019 State of Password and Authentication Security Behaviors Report, finding that while people are more concerned about digital privacy, many businesses and individuals have not yet updated their habits when using passwords to safeguard their information.

“For decades, passwords have been the primary method of authentication used to protect data and accounts from unauthorized access. However, this multi-country research illustrates the difficulties associated with proper password hygiene,” said Yubico CEO and Founder Stina Ehrensvard. “With every new password breach that we see, it’s become increasingly clear that new security approaches are needed to help individuals manage and protect their accounts both personally and professionally.”

The Yubico report was conducted by the Ponemon Institute, which interviewed thousands of IT professionals in France, Germany, the United States, and the United Kingdom. They found that even direct cyber attacks were not enough to trigger a serious change in behavior. More than half (57 percent) of those who had experienced a phishing attack had not changed their passwords as a result.

Other examples of bad behavior include reusing passwords and sharing passwords (51 percent and 69 percent of those surveyed, respectively), as well as the failure to use two-factor authentication in work and home situations (55 percent and 67 percent). The report estimates that the time spent entering and resetting passwords costs the average company about $5.2 million per year in lost productivity.

The report comes hot on the heels of similar reports from Javelin Research and Ping Identity, both of which found some cultural resistance to better authentication practices.