For many years, passwords have been the de facto method for securing online identity. However, they have failed miserably.
Okta, which developes cloud-based identity solutions, recently commissioned research to highlight the effect that passwords are having on security as well as quality of life. Some 4 000 individuals across the UK, France and the Netherlands were surveyed, and asked about the ways they keep their accounts and data safe.
The research revealed that the current and most prevalent method for securing apps, devices, systems and accounts is passwords, a method it deems inadequate as passwords are susceptible to hacking, encourage insecure behaviour from users, and cause password fatigue in a world where every individual needs to remember multiple passwords for each Web site, programme, bank account, loyalty programme, application and more.
Alarmingly, 34% of those surveyed said they use the same passwords for multiple accounts, 26% admitted to writing them down on paper, 17% type them on their phone or computer, and 6% confessed to using well-known passwords.
In addition, the research showed that 78% of respondents use an insecure method to help them remember their password, a number that rises to 86% among those aged 18 to 34.
“This is surprising considering how young people are thought to be more tech-savvy, and, therefore, more cyber security-savvy,” says Okta. “However, this may also be because this age group generally uses more apps, devices and technologies that require passwords, and they have to rely on other methods to help them remember them.”
The research also revealed that on average, respondents have to remember 10 passwords in everyday life, and forget an average of three passwords in a typical month. To make matters worse, it showed that passwords containing sensitive information are changed infrequently, with work passwords changed only three times a year, and others such as bank accounts, phone PINs, personal emails and social media accounts changed just once a year on average.
Security mustn’t dependent on letters or numbers
Okta says it believes a world where security isn’t dependent on letters or numbers that can easily be manipulated is possible, and this is where identity comes in.
The company believes 2019 will be a turning point in security, which will begin to be based on individual identities and completely password-less; identity will play an essential role in enabling organisations to build trust.
The company is combining its single sign-on and adaptive multi-factor authentication (MFA) capabilities with industry-standard authenticators with biometrics, which will enable passwords at organisations to be replaced with a combination of a fully contextual risk assessment and WebAuthn – a new W3C global standard for secure authentication on the Web – authenticators that are highly resistant to phishing and can be neither circumvented nor cloned.
Companies can leverage the devices that users are already carrying in a highly secure way that still respects their privacy and doesn’t reveal any information about who else they might be communicating with or the apps they might be using.
Share