Passwords dominate despite rise in alternative authentication methods
Keeper Security, a leading force in the realm of zero-trust and zero-knowledge cybersecurity software, has released a report in collaboration with S and P Market Intelligence that paints a fascinating picture of the present state of digital authentication. Even as the digital landscape evolves, username-password combinations continue to be the predominant form of authentication for organisations, with a sizeable 58% still relying on this traditional method.
Darren Guccione, the CEO and Co-Founder of Keeper Security, reflected on this trend, noting, "Passwords continue to reign supreme as organisations struggle to balance security with simplicity, cost of ownership and flexibility– particularly in hybrid working environments." The challenges faced by organisations in this context are multifaceted. Single sign-on (SSO) solutions and passwordless authentication might seem like the future, but their limited universal support introduces potential vulnerabilities. Guccione elaborated, "SSO and passwordless authentication– although effective– are not universally supported, and therefore, create security holes that leave organisations vulnerable."
So, why does the humble password remain so central to our digital lives? Part of the reason is the ongoing quest for a balance between security, ease of use, and cost-efficiency. The S and P Market Intelligence Business Impact Brief highlights the importance of comprehensive password management policies, given the enduring reliance on username-password combinations. Such policies are vital in ensuring that employee password practices are robust and secure. Moreover, password managers have emerged as invaluable tools, aiding both IT administrators and general users in creating, managing, and storing passwords, as well as in handling 2FA and MFA codes.
Another significant finding from the report reveals that while password and username combinations are the most popular, other authentication methods are also gaining traction. Mobile push-based MFA comes in second at 47%, followed by SMS-based MFA at 40% and biometrics at 31%. Many organisations are even integrating multiple authentication factors alongside the traditional password and username pairing, underlining the growing significance of such integrative solutions.
Recent momentum from the Fast Identity Online (FIDO) Alliance indicates that passkeys, a type of passwordless authentication, are starting to find their footing in the market. With tech giants like Apple, Microsoft, and Google showing support, there's hope for passkeys to make a bigger splash in the near future. Yet, these passwordless credentials still face challenges in terms of widespread enterprise adoption.
Guccione pointed out the slow uptake of passwordless options, saying, "While passkeys present enticing security benefits, websites have been slow to support them for a variety of reasons." He emphasised the sheer number of websites in existence, over a billion, and the consequent uphill battle for any passwordless method aiming to achieve widespread adoption. "As password and username combinations will remain a key part of the enterprise landscape for the foreseeable future, password management solutions that integrate and support a wide range of authentication methods, whilst ensuring security and cyber hygiene, will be important for all organisations to boost cyber resilience," Guccione concluded.
This report from Keeper Security underscores the persistent importance of passwords in our digital age, even as new technologies emerge and evolve. It serves as a reminder that while innovation is crucial, sometimes the tried and tested methods continue to hold their ground.