Enterprises Persist with Outdated Authentication Strategies

Cyber Security Threat Summary:
Despite authentication being a cornerstone of cybersecurity, risk mitigation strategies remain outdated, according to new research from Enzoic. With the attack surface expanding and the increasing sophistication of cyber threats, organizations are struggling to deliver secure and user-friendly authentication. The research uncovered that despite the emergence of modern strategies, most companies still rely on traditional approaches.

Many are failing to adhere to best practices for password management, which is leaving them exposed as compromised credentials are behind more than 50% of breaches, according to the Verizon 2023 Data Breach Investigations Report. “Authentication strategies are firmly in cybercriminals’ crosshairs,” said Michael Greene, CEO of Enzoic. “Despite this recognized vulnerability, enterprises continue to deploy archaic strategies that fail to eliminate authentication mechanisms as a threat vector. The much-hyped passwordless future is not on the horizon anytime soon for most organizations, so it’s vital to adopt modern and robust password policies that don’t add friction for users.”

Security Officer Comments:
According to the research, only 12% of companies currently use use passwordless authentication, while 68% rely on usernames and passwords. However, 46% plan to phase out passwords within three years. Surprisingly, 19% have no such plans, indicating passwords' lasting importance. To enhance security, organizations using passwords should update practices, consider MFA, and monitor the dark web for exposed credentials. Despite 84% being concerned about weak passwords, 46% believe some of their passwords are on the dark web, 26% are unsure, and 56% have faced MFA issues.

Suggested Correction(s):
Cyberattacks often trigger action, with 38% conducting security audits, 28% implementing MFA, and 30% strengthening password policies. Regrettably, 10% take no post-attack measures. Even though NIST published password best practices in 2017, 33% remain unaware, and 54% learned about it in the last year. This knowledge gap leaves many with outdated password strategies, increasing their vulnerability to attacks. It's crucial for companies to prioritize credential security beyond passwordless hype and take action promptly.