Despite Increasing Cybersecurity Attacks, People Still Believe Antiquated Username and Passwords Are Strong Enough

In the era of uncertainty with AI and an increase in cybersecurity breaches, Yubico, the leading provider of hardware authentication security keys, today shared the results of its 2024 Global State of Authentication survey, just in time for Cybersecurity Awareness Month kicking off next week.

Conducted by Talker Research, the survey polled 20,000 people from around the world, including Australia, France, Germany, India, Japan, Poland, Singapore, Sweden, the United Kingdom and the United States, to gauge perceptions and understanding of the global impact of cybersecurity both personally and in the corporate realm, explore the risks posed by inadequate security practices, the potential threat of technology like Artificial Intelligence (AI) and the impact this has on both personal and organisational safety.

Yubico’s 2024 Global State of Authentication

The results of the survey uncovered concerning patterns and behaviours when it comes to personal and workplace cybersecurity, including the extensive underutilisation of multi-factor authentication (MFA) and a generally reactive approach to addressing cyber threats. Key global findings include:

• Despite being the least secure form of authentication, the most common authentication method is username and password.
  • 58% use a username and password to login to personal accounts
  • 54% use a username and password to login to their work account.
• With the rapid advancements in artificial intelligence, 72% of respondents said that online scams and phishing attacks have become more sophisticated and 66% said they are more successful.

• Respondents show a lack of awareness of best practices for authentication
  • 39% think username and password are the most secure and 37% think mobile SMS-based authentication is the most secure, both are highly susceptible to phishing attacks.

• 40% don’t think or aren’t sure if the online apps and services they use are doing enough from a security standpoint to protect their data, accounts and personal information. Even with this uncertainty, 22% have never done a personal cybersecurity audit (e.g. removing personal data from the internet, installing or updating cybersecurity software on their devices, changing compromised passwords, etc.) to better protect themselves online.
• Respondents report the most commonly compromised passwords are on the apps and services that hold their most confidential, financial and personal information. These include:
  • Social media account – 44%
  • Payment app – 24%
  • Online retailer account – 21%
  • Messaging app – 17%
  • Banking app – 13%

• For employees, even with security breaches increasing every year, 40% of respondents have never received cybersecurity training from the organisation they work for and only a small fraction (27%) believe the security options that their organisation has in place are very secure.
• When looking at the security aspect of onboarding employees, over 1/3 (34%) of respondents said they did not receive instructions to secure their work accounts with more than just a username and password when they first started at the company they work for.
• Despite the fact that every employee in an organisation is a potential target, 41% said security measures and requirements differ based on role and title at their company, leaving room for bad actors to infiltrate within several levels of an organisation.

“The findings highlight the need for a holistic cybersecurity strategy that encompasses both home and work environments,” said Derek Hanson, Vice President of Standards and Alliances at Yubico. “This includes adopting stronger authentication methods to become phishing-resistant, fostering a culture of security awareness through consistent employee training, and more. Ultimately, building a unified front against cyber threats requires a concerted effort to bridge the gap between perceived and actual security. By integrating advanced security measures into all aspects of our digital lives, we can better protect ourselves, our data, and our organisations.”

Cybersecurity breaches and phishing schemes aren’t solely a worry for IT departments or tech-savvy individuals; they also pose serious risks to the general public, especially in the era of Artificial Intelligence (AI). As cyberattacks and online scams become increasingly sophisticated, it is more important than ever for everyone to stay vigilant in both their personal and professional lives.

“When individuals fail to secure their personal accounts, they also put their workplaces at risk. This is why it’s crucial for enterprises to adopt a holistic approach to cybersecurity that considers the security of both work and personal environments,” Hanson continues.

For the full results of the survey, including recommendations for solutions, you can download an overview of the report here and the associated infographic here. For more information on Yubico, visit www.yubico.com.