Despite developments in identity management and authentication, recent research found passwords are still commonly used despite their vulnerabilities. Sponsored by MobileIron, Enterprise Management Associates security and authentication analyst Steve Brasen found that 42% of security teams report organizational security breaches due to user password compromise.
Additional findings of note:
- The username/password continues to be the dominant method of authentication used to access business devices, apps and data.
- The password is still the top attack vector for organizations of all sizes, with 42% of respondents indicating their organization had been breached as a result of a user password compromise.
- Poor password hygiene is also a top cause of data breaches, with 31% of respondents indicating their organization had been breached as a result of user credentials being shared with an unauthorized peer.
- Phishing attacks, which are designed to harvest employee credentials, are prevalent. Twenty-eight percent of respondents indicated their organization had been breached as a result of a successful phishing attack.
- IT and security managers are most confident in the ability of hardware tokens/security keys, thumbprints, and mobile devices to prevent access-based security breaches, compared to other authentication methods like passwords and PINs.
