Username-password combinations are still the most widely deployed form of authentication deployed in a majority of organizations (58%), a report from cybersecurity solutions provider Keeper Security said.
Kepper Security recently released the S&P Market Intelligence report which also said that the next most popular forms of authentication are mobile push-based MFA (47%), SMS-based MFA (40%), and biometrics (31%).
“Passwords continue to reign supreme as organizations struggle to balance security with simplicity, cost of ownership and flexibility – particularly in hybrid working environments,” Darren Guccione, CEO and co-founder of Keeper Security said.
“SSO and passwordless authentication – although effective – are not universally supported, and therefore, create security holes that leave organizations vulnerable. It is crucial for organizations still relying on the password and username combination, or a hybrid model of passwords and passwordless technologies, to ensure they are managed appropriately and securely.”
The report indicates that the widespread use of username-password combinations requires organizations to have comprehensive password management policies in order to ensure employee password practices are as secure as possible.
Password managers make it easier for both IT administrators and end users to create, rotate and store passwords, as well as 2FA and MFA codes. In fact, many organizations use a combination of multiple authentication factors to complement password and username combinations, making this integration even more of a necessity.
Largely due to momentum of the Fast Identity Online (FIDO) Alliance, passkeys as a form of passwordless authentication are gaining traction with support from Apple, Microsoft and Google. Passkeys are passwordless credentials that make it substantially easier for consumers to adopt FIDO-based authenticators. However, in terms of enterprise adoption, passkeys are still in the very early stages.
“While passkeys present enticing security benefits, websites have been slow to support them for a variety of reasons. With more than a billion websites in existence, there is a long path ahead for any passwordless option to become ubiquitous,” said Guccione.
“As password and username combinations will remain a key part of the enterprise landscape for the foreseeable future, password management solutions that integrate and support a wide range of authentication methods, whilst ensuring security and cyber hygiene, will be important for all organizations to boost cyber resilience.”
