New Global Survey from Yubico finds 59% of Employees Still Rely on Username and Password as Primary Method to Authenticate Their Accounts.
To kickoff Cybersecurity Awareness Month, Yubico brings top industry leaders together to reveal state of enterprise security.
In light of recent phishing-based cyberattacks and in recognition of Cybersecurity Awareness Month, Yubico, the leading provider of hardware authentication security keys, today shared the results of its inaugural State of Global Enterprise Authentication Survey 2022 at a security thought-leadership industry summit hosted by the company in its San Francisco office.
The survey, conducted for Yubico by Censuswide, polled 16,000+ employees across a variety of enterprises in eight countries* and asked about their perceptions and perceived challenges of MFA, security tools and internal security practices at their organization, and their recent experiences with cyberattacks.
While the survey revealed numerous interesting data points, these telling cybersecurity authentication and MFA trends surfaced to the top:
- 59% of employees still rely on username and password as their primary method to authenticate into accounts
- Nearly 54% of employees admit to writing down or sharing a password
- Over 22% of those surveyed still think username and password is the most secure method of authentication
- 61% of employees think their organization needs to upgrade to modern phishing-resistant MFA and 79% of VP-level staff want their organization to upgrade to modern phishing-resistant MFA (like hardware security keys)
- More than 54% of employees are not required to go through cybersecurity training on a frequent basis
- Over the last 12 months, nearly 57% admit to using a work issued device for personal use
- Within the last 2 years, nearly 40% of survey respondents admit to having broken their mobile phone and nearly 30% have lost it (a device organizations commonly use to authenticate)
“Cybersecurity Awareness Month brings global awareness for security hygiene, and is a good time for people and organizations to take action now to shore up their cybersecurity practices,” said Stina Ehrensvärd, CEO and co-founder, Yubico. “The results from Yubico’s global survey highlight the biggest concerns, challenges and real-world scenarios that organizations are facing globally when it comes to their cybersecurity efforts – including the continued reliance on legacy MFA solutions like one-time passwords. It’s a stark reminder of how far the enterprise still has to go to adopting and standardizing phishing-resistant MFA tools.”
The State of Authentication
To further foster conversations around the importance of modern authentication, Yubico brought together cybersecurity industry leaders for its inaugural YubiSummit event in San Francisco, which included leading organizations at the forefront of security, influencers and media for in-depth discussions around the top challenges facing enterprises today. In addition to Yubico executives CEO and Co-founder Stina Ehrensvärd, CISO Chad Thunberg, and Vice President Derek Hanson, attendees included Brave, Union Pacific Railroad, Defending Digital Campaigns, Microsoft, Google and Rachel Tobac, ethical hacker and CEO of SocialProof Security.
Some of the topics discussed at the YubiSummit included:
Move over passwords: passkeys are the new kid in town. After the findings of the survey were unveiled, Yubico’s Hanson shared information on demystifying the new term of passkeys including what they are, specific use cases and benefits, and what enterprises should consider between the use of passkeys and security keys.
“Seeing the results of the survey and then contrasting that data with what we’re hearing is happening to companies, it only re-emphasizes what we already know – that passwords are not enough and that not all MFA is created equal,”
said Hanson
“We’re excited about the arrival of passkeys to help make FIDO authentication globally accessible. It is important to understand how passkeys will impact your organization and what type of passkey is right for you. Passkeys by definition are passwordless-enabled FIDO credentials, but YubiKeys only create hardware-bound passkeys which are not copyable – ensuring the highest level of security for enterprises.”
What the hack: advice from an ethical hacker. Tobac debuted a video with Yubico, demonstrating how cyber criminals hack by tricking people. The video highlights an attack vector seen frequently in recent news stories in which an employee is tricked into going to a malicious link, putting in their username and password and handing their 2FA codes to the attacker – all within a few seconds. She discussed the evolution of cyber-attacks and the importance of deploying modern MFA, like a YubiKey, to stop attackers in their tracks during a hack.
“If your threat model is elevated because you have admin access at work, are in the public eye, or being targeted/harassed, it’s essential to consider FIDO security keys to prevent the most common attacks we’re seeing in the news right now,”
said Tobac
Our corporate responsibility: protecting those at risk around the world. Mary Mangione, Yubico’s Senior Communications and Brand Manager and lead for its philanthropic program, Secure it Forward, was joined by experts from Google, Microsoft and Defending Digital Campaigns to discuss protecting high risk users across journalism, civil society, and politics. The conversation focused on the importance of companies partnering to leverage joint resources to keep these vulnerable populations secure.
“Collaborating with organizations like Google, Microsoft and Defending Digital Campaigns allows us to better protect high risk users and organizations that need it most,” said Mangione. “At Yubico, our Secure it Forward program provides YubiKeys on a global scale at no-cost to help equip journalists, political organizations and nonprofits with strong security.”
To see the results of the survey and download the report, visit here.