SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
World Password Day on May 4 is a reminder of security keys
Thu, 4th May 2023

World Password Day (WPD) is marked on May 4, and according to the team at Yubico, the provider of hardware authentication security keys, it is the perfect time to remind people that every password needs a partner.

Cybercriminals have become more sophisticated in hacking into accounts, and WPD is another reminder about the importance of using security keys and passwords to protect their online accounts.

A new research report conducted by S&P Global Market Intelligence showed an apparent disconnect between businesses' actions to stay secure amid the constant rising threats of sophisticated cyberattacks like phishing.

59% of respondents reported having a security breach within the past year, up 6% from just two years ago. 

There has been a significant increase in customer multifactor authentication (MFA) deployment, which jumped to 57% from 45% in 2021 (a 12% increase).

Only 46% of respondents protect their enterprise applications with MFA.  

Nearly 74% are concerned about the security of SMS or push-based authentication.

Generally, the least secure authentication methods, such as passwords and SMS-based MFA, are deployed most frequently. Username and password rank at the top with 91% response selection, while hardware-based USB security keys (62%), biometrics (59%), passwordless MFA (58%) and smart cards (58%) are the least deployed. 69% of respondents are concerned about the security of SMS or push-based authentication.

“With the continued rise of sophisticated cyberattacks like phishing and ransomware targeting organisations and individuals, we’re seeing successful attacks against the use of both stolen credentials and push notification systems,” says David Treece, vice president of solutions architecture at Yubico.

“To effectively protect identities globally, now more than ever it’s critical to adopt modern forms of phishing-resistant MFA such as FIDO hardware security keys. By using security keys as a second factor or as a passwordless solution, we can ensure credentials and digital identities are protected.”

With 81% of hacks due to weak passwords, having MFA as a partner to the passwords is key. There are simple changes everyone can make to protect themselves, including using a password manager with a complex master password; turning on MFA wherever possible; using a security key, like the YubiKey, as an extra layer of protection.

“Yubico, the inventor of the YubiKey, makes secure login easy and available for everyone. Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering modern, hardware-based authentication security at scale. YubiKeys are the gold standard for phishing-resistant multifactor authentication (MFA), enabling a single device to work across hundreds of consumer and enterprise applications and services,” adds Treece.