Authentication security remains a cornerstone of any cybersecurity strategy, yet it is an area fraught with challenges. With increased sophistication in cyber threats, an expanding attack surface, and a growing number of vulnerabilities, organizations are grappling with ensuring secure and user-friendly authentication. Despite the emergence of advanced practices, there are still significant gaps where traditional methods must still be fortified, particularly in password-based authentication.
This survey set out to explore these challenges, to identify common practices, and to provide insight into how organizations can bolster their defenses. Based on responses from 483 cybersecurity professionals, the survey offers fresh insights into the state of authentication security in today’s organizations.
Key findings from the survey include:
• Current Authentication Practices: The survey reveals that usernames and passwords are still the mostprevalent authentication methods for organizations. Nearly 70% of organizations are still relying on username and password combinations for their employees and only 50% have adopted software tokens, such as one-time passwords, following cyberattacks.
• Authentication-Related Cyberattacks: A combined 47% of cyber attacks were focused on password credential vulnerability, using password spraying, credential stuffing, and brute force attacks. This will only continue to grow, as both the Verizon DBIR Report and the IBM Cost of a Data Breach Report find that compromised credentials are the top cause of a data breach.
• Security Incidents & Impact: Unauthorized access to systems impacts businesses significantly, causing reallocation of IT resources for incident response and remediation (28%), system or service downtime (26%), increased helpdesk workload (24%), and data breaches or leakage (22%), all resulting in significant financial loss and additional IT workload for businesses.
• Password Management: Most organizations still follow older password management strategies. 74% of organizations continue to require forced password resets every 90 days or less, generating a burden for employees. Periodic password reset is something organizations can eliminate for better security and to align with NIST to follow updated password policy recommendations.
• Security Awareness & Standards: Organizations are still learning about the updated NIST Guidelines for authentication. 54% learned about it less than a year ago and 33% are still unaware of the updated password recommendations.
This research was made possible through the support of Enzoic, a leading provider of authentication security solutions. Their invaluable support has enabled us to explore this crucial topic and provide actionable insights to organizations striving to improve their cybersecurity posture.
We believe the results of this survey offer a comprehensive overview of the state of authentication security today and that readers will find this report insightful and practical in their pursuit of stronger authentication security measures.
