Thales has turned its attention to the U.S. and Brazil in its latest Access Management Index. The company previously looked at Europe and the Middle East, and found that many organizations still relied too heavily on passwords despite the known security risks.

The findings were similar in the U.S. and Brazil. The new report found that 41 percent of the respondents believe that passwords are one of the more effective forms of access management, a number that eclipses the 29 percent figure for Europe and the Middle East.

Thales surveyed 300 IT professionals in the U.S. and Brazil to generate the results. Sixty-eight percent of the U.S. respondents believed that unsecured infrastructure was the most appealing target for cybercriminals, edging out cloud apps (58 percent) and web portals (52 percent).

The vast majority (94 percent) of respondents acknowledged that their organization had been forced to change its security policies in response to a data breach in the past 12 months. They were also worried about protecting organizational resources in the midst of accelerating cloud adoption. Two-factor authentication (66 percent), single sign on (43 percent), and biometrics (39 percent) were the most popular forms of cloud security.

“Organizations that utilize passwordless authentication to scale secure cloud adoption will be able to meet the increased need for improved security,” said Thales Access Management VP Francois Lasnier. “The elimination of username and passwords as a sole method of authentication and broader use of smart single sign on will result in a greater level of security and convenience as more applications are delivered from outside the security perimeter.”

Thales noted that most (58 percent) organizations allowed employees to use vulnerable social media credentials to access work materials. Though there is some variance in the numbers, the overall trend is is in keeping with similar reports from LastPass and Yubico, which have shown that many people still reuse the same password for multiple accounts.