Cloud professionals cling to their passwords despite the risks
Despite the fact that insecure password practices are regularly exploited in cyberattacks worldwide, 83 percent of cloud professionals surveyed at the recent Cloud Expo Europe event say they are confident about passwords' security effectiveness, with 34 percent 'very confident'.
But the study, of over 150 people, carried out by Beyond Identity also reveals frustrations. 60 percent find it frustrating to remember multiple passwords, 52 percent are frustrated by having to regularly change their passwords, and 52 percent by the requirement to choose long passwords containing numbers and symbols.
The number of passwords in use is an issue too, 26 percent say they use four to five passwords, with 10 percent using 10 or more passwords on a daily basis. Adding to the difficulties password users face is that many organizations require frequent password changes, with 38 percent suggesting quarterly updates, 27 percent monthly changes, and six percent recommending daily or weekly changes. This can be an arduous task, while delivering minimal security benefits.
"Widespread user frustration represents a dangerous situation for organizations using password-based systems to protect their data in the face of continued phishing attacks. This survey shows an alarming displaced confidence from cloud professionals -- the bottom line is you can't have effective security and advance to meet the promise of zero trust security if you are still using passwords," says Patrick McBride, co-founder of Beyond Identity.
Most cloud organizations (82 percent) now use multi factor authentication as an added layer of security, with the most popular MFA being a mobile authenticator app. When asked their opinion on MFA, the general feeling of respondents was positive, with 55 percent claiming to be 'very confident' in it as a security measure.
In the wake of recent successful MFA bypass attacks McBride adds a note of caution, "Passwords have been used in IT for more than 60 years, but cyber threat actors have driven them into redundancy. And now with MFA-bypass attacks on the rise, it's essential to move beyond first-generation Multi-Factor Authentication (MFA) that uses one-time-passwords and push notifications, and adopt next-generation 'phishing-resistant' MFA for a more effective defense against cyber risks."