Passwords still dominant authentication method, top cause of data breaches

[Antus67]

Content source

https://www.helpnetsecurity.com/2020/03/09/passwords-data-breaches/

Passwords remain the dominant method of authentication and top cause of data breaches, according to MobileIron. A new report also highlighted the importance of a zero trust security strategy that provides context-aware, conditional access to a device or user.

EMA surveyed 200 IT and security managers and looked at a range of IAM technologies.

“The digital workplace is driving transformation within organizations of all sizes as employees are increasingly accessing business apps and data from locations outside of their offices and homes,” said Steve Brasen, research director of endpoint and identity management at EMA.

“At the same time, mobile threats are increasing. More than 60 percent of respondents indicated their organization had experienced a security breach in just the last year. Organizations need to implement context-aware security and passwordless authentication to dynamically adapt to modern threats while removing the friction that is inhibiting end user productivity.”

The report reinforced that it’s time to make passwords a thing of the past.

Key findings

• The username/password continues to be the dominant method of authentication used to access business devices, apps and data.
• The password is still the top attack vector for organizations of all sizes, with 42% of respondents indicating their organization had been breached as a result of a user password compromise.
• Poor password hygiene is also a top cause of data breaches, with 31% of respondents indicating their organization had been breached as a result of user credentials being shared with an unauthorized peer.
• Phishing attacks, which are designed to harvest employee credentials, are prevalent. Twenty-eight percent of respondents indicated their organization had been breached as a result of a successful phishing attack.
• IT and security managers are most confident in the ability of hardware tokens/security keys, thumbprints, and mobile devices to prevent access-based security breaches, compared to other authentication methods like passwords and PINs.

“We all know that passwords are antiquated and open us up to even more cyber threats,” said Rhonda White, CMO at MobileIron. “Organizations urgently need to replace passwords with a secure and frictionless alternative. Making mobile devices the primary form of authentication to enterprise cloud services provides the best user experience for employees and significantly reduces the risk of data breaches for security leaders.”

 

[ForgottenSeer 85179]

Because web sites / admins are too lazy to implement WebAuthn (FIDO2) ..
They're the only who should get blamed for the actually situation.

WebAuthn is already support by all big browser's and the hardware exist too.
Also this would solve all password manager problems

 

[Ink]

Guide to Web Authentication

An introduction to Web Authentication (WebAuthn), the new API that can replace passwords with strong authentication.

webauthn.guide

"Often a password is all that lies between a malicious user and our bank accounts, social media accounts, and other sensitive data."

 

[Local Host]

Because web sites / admins are too lazy to implement WebAuthn (FIDO2) ..
They're the only who should get blamed for the actually situation.

WebAuthn is already support by all big browser's and the hardware exist too.
Also this would solve all password manager problems

But that has always been the case, our passwords only get leaked cause of those same web masters.

Is the main reason we all turning to 2FA, which needs confirmation from our side (but even that has been exploited on web masters side, which is ridiculous).