In its poll of 800 global IT decision makers, the Bitwarden 2023 Password Decisions Survey finds that passwordless technology is making its foray into business workflows, with 49% either deploying or having plans to deploy passwordless technology. Of those respondents, two-thirds (66%) have multiple teams or 1-2 user groups going passwordless and half (51%) are relying on the ‘something you are’ (facial recognition, biometrics, fingerprint, voice) form of passwordless authentication. Overall, 41% say the primary reason to deploy passwordless technology is ‘better security’.
Bitwarden partnered with Propeller Insights to poll independent IT decision-makers across a variety of industries who hold a key role in enterprise purchasing decisions. This year’s findings illustrate several themes:
IT decision makers continue to look to the C-Suite to drive adoption of password management technologies
Security concerns are influencing business decisions
While IT decision makers are nominally the security gatekeepers, they also engage in some risky behaviors
Barriers to passwordless adoption are both technological and psychological
A large majority of IT decision makers would like their employer to require employees to use the same password manager throughout the organization. (Note to employers: if offered, 71% said they’d also be very likely to use a complimentary family account). What makes a good password manager? 60% of survey respondents cite security, 56% cite the availability of 2FA (two-factor authentication), and almost half (40%) cite ease-of-use.
When it comes to security perceptions, the persistence of remote work continues to drive cybersecurity concerns among 60% of respondents. The reality isn’t rosy either, with 60% also reporting their organization experienced a cyberattack within the past year and 49% struggling with employees who use unauthorized devices or software without IT’s approval.
Perhaps in response to this landscape, 80% (up from 75% last year) report having a ransomware mitigation strategy in place and three-fourths say their organization has cyber insurance. Of that percentage, 65% were required to demonstrate they offered cyber awareness training to employees when they applied for cyber insurance, 64% had to show use of MFA, and 61% had to demonstrate use of a password manager.
A majority of respondents (84%) use password managers. But, 54% also write them down in documents on their computer and 45% rely on their memory. When it comes to sharing passwords, most (66%) of respondents share passwords through a password manager.
Although nowhere near as secure, a sizable number also share via email (41%) and online documents (38%). And even though 92% are using 2FA in the workplace (up from 88% last year), nearly the same number (90%) reuse passwords.
When asked why their organization has not deployed passwordless technology, 49% cite the inability of applications currently in use to make the transition and 39% say end users prefer passwords. When all respondents consider the biggest barrier to passwordless adoption, 34% say end users prefer passwords. While passwordless technology is clearly promising, its application across workflows will likely depend on a number of factors and its timeline will differ across industries.
“Our survey shows businesses are looking beyond passwords and desire new technologies that reflect passwordless workflows, which shouldn’t come as a surprise. While strong and unique passwords are highly effective at safeguarding data, weak or re-used passwords that are not managed by an end-to-end encrypted password manager present serious vulnerabilities.
The Bitwarden approach takes into account this evolution but also reflects that adoption timelines vary by company, technology, and end-user preference and that security remains the paramount goal for individuals and enterprises alike.”
- Bitwarden CEO Michael Crandell
To view the full survey findings, download the 2023 Password Decisions Survey.