Password management habits you should unlearn

Despite advancements in security technology, many individuals and organizations continue to rely on outdated and vulnerable authentication methods, leaving themselves exposed to cyber threats. This ongoing reliance on insecure methods has led to a steady rise in fraud, with weak password practices and password reuse contributing to a thriving market for stolen credentials.

In this article, find out more about the most prevalent authentication practices, their associated risks, and the necessity of implementing stronger security measures.

The most common authentication method is also the least secure

Yubico | 2024 Global State of Authentication | September 2024

• 39% think username and password are the most secure and 37% think mobile SMS based authentication is the most secure, both of which are highly susceptible to phishing attacks.
• When looking at the security aspect of onboarding employees, 34% said they did not receive instructions to secure their work accounts with more than just a username and password when they first started at the company they work for.

Old methods, new technologies drive fraud losses

Experian | 2024 U.S. Identity and Fraud Report | August 2024

• Currently, multifactor authentication (48%) and the use of passwords (45%) are the most used fraud prevention methods.
• Among the methods used most recently, physical analytics (71%), PINs sent to a mobile device (70%) and behavioral analytics (66%) evoke the highest sense of security for consumers, with security questions (63%) and passwords (58%) rounding out the top five.

Most people still rely on memory or pen and paper for password management

Bitwarden | World Password Day Survey 2024 | April 2024

• 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%).
• 54% of individuals rely on memory and 33% use pen and paper to manage their passwords at home.
• 19% of global users admitted to having experienced a security breach or data loss due to their password habits, and 23% confirmed their passwords had been stolen or compromised in the past.

Longer passwords aren’t safe from intensive cracking efforts

Specops Software | 2024 Specops Breached Password Report | January 2024

• 88% of organizations still use passwords as their primary method of authentication.
• 40,000 admin portal accounts were found to be using ‘admin’ as a password, and only 50% of organizations scan for compromised passwords more than once a month.
• Verizon estimates stolen credentials are involved in 44.7% of all data breaches, and we know there’s a thriving underground marketplace for stolen data and credentials.

Cybercriminals use cheap and simple infostealers to exfiltrate data

SpyCloud | 2024 SpyCloud Identity Exposure Report | March 2024

• Researchers recaptured nearly 1.38 billion passwords circulating the darknet in 2023, an 81.5% year-over-year increase from 759 million in 2022.
• Within these passwords, the report finds a 74% password reuse rate for users exposed in two or more breaches in the last year—a 2 point increase from the prior year.
• Password reuse rates for .gov users increased this year, rising to 67% from 61% in 2022.