A majority (58%) of organisations still use username-password combinations, making it the most widely deployed form of authentication according to an S&P Market Intelligence report.
“Passwords continue to reign supreme as organisations struggle to balance security with simplicity, cost of ownership, and flexibility – particularly in hybrid working environments,” said Darren Guccione, CEO and co-founder of Keeper Security.
Securing passwords
New York University (NYU) notes that strong passwords help keep data and information safe, and recommends creating them as a basic cybersecurity measure.
A strong password meets 4 criteria: it is long, complex, unique, and secret. The institution recommends passwords that are 14 characters long and that vary their character usage, alternating between uppercase letters, lowercase letters, numbers, and special characters. NYU suggests changing passwords once a year, or every 90 days for high-security accounts.
Reusing previous passwords or using variations of the same password are cybersecurity red flags. NYU advises against easily guessed patterns and numbers such as the user’s birthday, full name, or keyboard patterns like ‘qwerty’. In terms of computer safety, NYU reminds users never to allow internet browsers to remember passwords and never to leave their computers unlocked or unattended.
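The criteria above can be enforced when a user changes a password; the following Python check is an added example, not code from NYU or the report. The function names, the 4-character keyboard-run threshold, the 0.8 similarity cutoff and treating 14 characters as a minimum are assumptions, and old passwords are assumed to be supplied by the user during the change rather than stored in plaintext.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 14  # the length NYU recommends, treated here as a minimum (assumption)
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
RUN = 4  # shortest keyboard run flagged as a pattern (assumption)


def _has_keyboard_run(pw):
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left runs
            for i in range(len(seq) - RUN + 1):
                if seq[i:i + RUN] in low:
                    return True
    return False


def _skeleton(pw):
    # Drop digits and symbols so "Summer2023!" and "summer2024#" compare equal.
    return re.sub(r"[^a-z]", "", pw.lower())


def check_password(pw, old_passwords=(), personal=()):
    """Return the sorted list of criteria that `pw` fails (empty list = passes)."""
    failed = set()
    if len(pw) < MIN_LENGTH:
        failed.add("length")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        failed.add("complexity")
    if _has_keyboard_run(pw):
        failed.add("keyboard_pattern")
    # personal: name parts and birthday digit strings known for this user
    if any(len(p) >= 3 and p.lower() in pw.lower() for p in personal):
        failed.add("personal_info")
    # An exact repeat or a near-identical letter skeleton counts as a variation.
    for old in old_passwords:
        a, b = _skeleton(pw), _skeleton(old)
        if pw == old or (a and b and SequenceMatcher(None, a, b).ratio() >= 0.8):
            failed.add("reuse_or_variation")
    return sorted(failed)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(check_password("Qwerty12345!"))
    print(check_password("Autumn-Leaves#2025", old_passwords=["Autumn-Leaves#2024"]))
```

Secrecy and uniqueness across services cannot be verified from the string itself, so this check covers only the length, complexity, pattern and reuse criteria.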
A Norton study found that in 2022, more than 24 billion passwords were compromised by malicious actors. Additionally, more than 80% of cybersecurity breaches were caused by stolen, weak, or reused passwords.
Password management
Organisations are strongly encouraged to adopt password management policies, which strengthen security by covering how not only passwords but also 2FA and MFA codes are created, rotated, and stored.
“As password and username combinations will remain a key part of the enterprise landscape for the foreseeable future, password management solutions that integrate and support a wide range of authentication methods, whilst ensuring security and cyber hygiene, will be important for all organisations to boost cyber resilience,” adds Guccione.
After passwords, the S&P Market Intelligence report found that the most popular forms of authentication are mobile push-based MFA (47%), SMS-based MFA (40%), and biometrics (31%).