Even in the future, passwords will remain
Keeper Security, provider of zero-trust and zero-knowledge solutions for protecting credentials, privileged access and remote connections, has released a report from S&P Market Intelligence. This shows that username and password combinations are still the most common form of authentication used in enterprises.
The most common form of authentication in most organizations is username and password combinations (58 percent). The next most popular forms of authentication are mobile push-based multi-factor authentication (MFA) (47 percent), SMS-based MFA (40 percent) and biometrics (31 percent). "Passwords continue to be the most widely used as organizations seek a balance between security, simplicity, operational cost and flexibility - especially in hybrid work environments," said Darren Guccione, CEO and co-founder of Keeper Security. "SSO and passwordless authentication - while effective - are not widely supported and therefore create security gaps that leave organizations vulnerable. For organizations still relying on the combination of password and username, or a hybrid model of passwords and passwordless technologies, it's critical that they are managed appropriately and securely."
Password management increases security for all authentication methods
The S&P Market Intelligence Business Impact Brief shows that the widespread use of username-password combinations requires comprehensive password management policies for organizations to ensure that employee password practices are as secure as possible. Password managers make it easy for both IT administrators and end users to create, rotate and store passwords, as well as 2FA and MFA codes. Many organizations use a combination of multiple authentication factors to supplement password and username combinations, making password management integration an even greater necessity.
The "Passkey" is here
Largely due to the momentum of the Fast Identity Online (FIDO) Alliance, Passkeys are gaining traction as a form of passwordless authentication supported by Apple, Microsoft and Google. Passkeys are passwordless credentials that make it much easier for consumers to adopt FIDO-based authentication systems. However, in terms of enterprise adoption, Passkeys are still at an early stage.
"Although passkeys offer tantalizing security benefits, websites have been slow to support them for a variety of reasons. With more than a billion websites, there is still a long way to go before a passwordless option becomes ubiquitous," Guccione said. "Since the combination of password and username will remain an important part of the enterprise landscape for the foreseeable future, password management solutions that integrate and support a wide range of authentication methods while ensuring security and cyber hygiene are important for all organizations to increase cyber resilience."
Source: www.keepersecurity.com
