Passwords still rule when securing user accounts

A new global study reveals that 58 percent of people use a username and password to login to personal accounts and 54 percent do so to login to work accounts.

The report from Yubico, based on a study of 20,000 people around the world carried out by Talker Research, reveals a worrying lack of awareness of best practices for authentication. 39 percent think username and password are the most secure and 37 percent think mobile SMS based authentication is the most secure, though both are highly susceptible to phishing attacks.

In addition, 40 percent of respondents don't think or aren't sure if the online apps and services they are using are doing enough to protect their data, accounts and personal information. Even with this uncertainty, 22 percent have never done a personal cybersecurity audit -- removing personal data from the internet, installing or updating cybersecurity software on their devices, changing compromised passwords, etc. -- to better protect themselves online.

The most commonly compromised passwords are on apps that hold some of the most important personal data. These include social media accounts (44 percent), payment apps (24 percent), online retailer accounts (21 percent), messaging apps (17 percent) and banking apps (13 percent).

"The findings highlight the need for a holistic cybersecurity strategy that encompasses both home and work environments," says Derek Hanson, vice president standards and alliances at Yubico. "This includes adopting stronger authentication methods to become phishing-resistant, fostering a culture of security awareness through consistent employee training, and more. Ultimately, building a unified front against cyber threats requires a concerted effort to bridge the gap between perceived and actual security. By integrating advanced security measures into all aspects of our digital lives, we can better protect ourselves, our data, and our organizations."

For employees, even with security breaches increasing every year, 40 percent of respondents say they have never received cybersecurity training from the organization they work for and only 27 percent believe the security options that their organization has in place are very secure.

In addition 34 percent of respondents say they didn't receive instructions to secure their work accounts with more than just a username and password when they first started at the company.

You can get the full report on the Yubico site and there's an infographic summary of the findings below.

Image credit: designer491/depositphotos.com