Weak login authentication methods the norm at work and home: report

Sophisticated online fraud attacks and weak authentication are a dangerous combination, but all too common, according to new research from Yubico. The 2024 Global State of Authentication survey highlights authentication trends and vulnerabilities for work and personal accounts.

The report reveals that 39 percent of respondents consider username and password combinations the most secure form of authentication, and 54 percent still rely on this method for their work accounts.

Similar patterns are observed among individuals using login credentials for personal accounts, with 58 percent doing so. The survey highlights that users have encountered breaches in sensitive accounts, including 44 percent for social media, 24 percent for payment applications, and 13 percent for banking accounts.

The survey indicates that 40 percent of respondents believe that the security features offered by online applications and services are insufficient. While this is true, respondents also exhibit limited familiarity with multi-factor authentication (MFA), with 32 percent lacking knowledge about it and 22 percent lacking the ability to implement it at home.

Phishing attacks are increasing in sophistication due to the use of AI, a large majority of survey correspondents say. The use of AI has even facilitated a spread to regions such as Japan that have previously been protected by language barriers. The report recommends implementing phishing-resistant MFA solutions, such as Yubikey, and passwordless options like passkeys.

“We’re really encouraged by the activities from our government here in Australia, particularly the Australian Signals Directorate, which is encouraging the use of phishing-resistant MFA,” Geoff Schomburgk, regional vice president for Asia Pacific and Japan at Yubico, told ITBrief Asia in an interview.

Although some users have been relying on MFA in the form of SMS-based one-time passwords, the report indicates that this authentication method is inconvenient and susceptible to cyberattacks. The reluctance to adopt a more secure method like passkeys can be attributed to users’ familiarity with SMS-based authentication.

Yubico VP urges to orgs support passkeys

Several proactive measures can be implemented by individuals and organizations to mitigate the security vulnerabilities in traditional user authentication methods, such as adopting secure authentication methods like hardware security keys, biometrics, and passkeys, the report says. Given the evolving cyber threat landscape, users must prioritize secure forms of authentication to safeguard their sensitive information.

According to the report, if online accounts, such as email, social media, and financial services, offer passkeys, users should consider them as their primary mode of authentication. Even the organizations should promote the use of advanced MFA options.

In an interview, Derek Hanson, vice president of standards and alliances at Yubico, says, “Like any new technology, passkey adoption will be slow – unless organizations begin to remove unsafe methods of authentication for users, like SMS OTP.”

Conducted by Talker Research, the report surveyed 20,000 respondents from various countries, including Australia, France, Germany, India, Japan, Poland, Singapore, Sweden, the United Kingdom, and the United States. The research aimed to assess the global impact of cybersecurity on personal and professional domains and the adoption of authentication methods.

Article Topics

biometric authentication  |  biometric security key  |  biometrics  |  cybersecurity  |  multifactor authentication  |  passkeys  |  Yubico