Everyone hates passwords. They are difficult to remember, and human nature is to re-use them across platforms, which is well-known to be a no-no. Managing passwords is time consuming, cumbersome and a pain. Which is why they continue to be a problem for security.
A recent research study sponsored by Yubico and conducted by Ponemon Institute entitled The 2019 State of Password and Authentication Security Behaviors Report surveyed 1,761 IT and IT security practitioners in four countries, in order “to understand the beliefs and behaviors surrounding password management and authentication practices for individuals both in the workplace and at home…to understand if these beliefs and behaviors align, and why or why not.”
The conclusion of the report is “that despite the increasing concern regarding privacy and protection online and a greater understanding of the best security practices, individuals and businesses are still falling short. Both parties are in dire need of solutions that will offer both added security and convenience.”
According to the report, respondents spend an average of 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords. I actually think that is a conservative number, based upon my own experience. The report states that this results in a productivity and labor loss of $5.2 million annually per company. That is a staggering statistic.
Until we can find a better method of authentication, passwords will continue to be a challenge, both personally and professionally. Nonetheless, they are incredibly important for security, and providing employees with tips on how to manage their passwords is still a valuable risk management strategy. I continue to maintain that the use of passphrases is a tip that employees can relate to and it is helpful to encourage the use of complex passwords in your organization.
The Yubico -Ponemon study confirms what we all know: users are sick and tired of passwords. Even so, providing employees with information about how important they are and how to pick a passphrase that makes sense to them is critical to protecting your company’s data.