Cloud workers are still concerned about password security, according to recent industry data from Beyond Identity.
At Cloud Expo Europe, over 150 cloud industry experts were surveyed, and 83% were confident in password security, with 34% highly confident, despite the fact that 80% of cyberattacks use compromised identities and weak passwords.
The survey found that password hygiene standards frustrate cloud workers. 60% of respondents found it tough to remember several passwords, 52% to routinely change their passwords, and 52% to pick lengthy passwords with digits and symbols.
Cloud pros’ regular password use underscores these issues: 26% use 4-5 passwords daily, while 10% use 10 or more. 38% of organizations encourage quarterly password changes, 27% monthly, and 6% daily or weekly. This is a lot of effort for little security.
“Widespread user frustration represents a dangerous situation for organizations using password-based systems to protect their data in the face of continued phishing attacks,” said Beyond Identity Chief Marketing Officer Patrick McBride.
“This survey shows an alarming displaced confidence from cloud professionals—the bottom line is you can’t have effective security and advance to meet the promise of Zero Trust Security if you are still using passwords.”
MFA trust
Cloud pros (74%) say routinely changing passwords is excellent cybersecurity practice despite continuous assaults on credentials and dissatisfaction over password hygiene rules. The most common MFA is a Mobile Authenticator App, used by 82% of cloud companies.
55% were “very confident” in MFA as a security solution, despite the high-profile incidents involving Coinbase, Twilio, Reddit, Uber, and Okta and an alarming number of successful MFA bypass attempts in the past year.
Cyber threat actors have made IT passwords obsolete after 60 years. “With MFA-bypass attacks on the rise, it’s essential to move beyond first-generation Multi-Factor Authentication (MFA) that uses one-time-passwords and push notifications and adopt next-generation ‘phishing-resistant’ MFA for a more effective cyber risk defense,” said McBride.
Good MFA must be distinguished from old password-based MFA. The FIDO Alliance (Fast Identity Online) has created standards to address password vulnerabilities, and government leaders increasingly support FIDO-based solutions.
These core mechanisms are necessary to eliminate breach risk. McBride said, “This research shows that cloud organizations must update their outdated systems and focus on passwordless authentication and phishing-resistant MFA.”
CEO: Passwords “the root of all evil”
Technology Magazine interviewed Beyond Identity CEO Tom “TJ” Jermoluk earlier this year on the company’s founding and why passwordless is the future of security.
He stated that passwords are the source of all cybersecurity issues. “Trust in corporate networks has never been more important and passwordless authentication is a huge industry advance.”