A survey carried out by Sestus at last month’s Infosecurity Europe of over 300 IT professionals has shown that human behaviour when it comes to passwords has failed to progress over nearly two decades, with an alarming 67% of users reporting they still keep passwords on Post-It Notes.
Worse still, nearly all of the respondents (97%) said they know that passwords make their systems vulnerable and pose a serious risk when accessing web applications. And yet we still use weak, static passwords for business critical applications, despite 66% of IT professionals saying that the average hacker could break a typical user’s password within minutes.
“This survey highlights the real disconnect users have when it comes to their password security. Users understand that they are vulnerable because of easy access to weak passwords, yet they continue to fail to protect those passwords; and this is something that hasn't changed in over 15 years,” said Thomas Capola, CEO of Sestus. “All the training and user education in the world doesn’t seem to deter people from using static passwords and keeping them stored in obvious places around the office.”
Interestingly, 32% of the survey respondents like the idea of introducing biometrics as an alternative security measure – such as iris or finger scanning and 92% would buy multi-factor authentication as a preferred method if the price was right. Therefore, it’s no surprise that 60% of users believe that the days of password-only authentication have ended, with almost half opting for two or more levels of authentication.
“What Sestus has done is to recognise that in order to eradicate the password problem completely, there needs to be a better option – one that is simple for users and one they can trust to give them the most secure web experience,” Mr. Capola continued. “Multi-factor authentication with Virtual Token® does just that by removing the password insecurity factor and making sure the session is secure right from the start through device and browser authentication.”