Decoding tomorrow: Developer secrets, security and the future of passkeys

In this inaugural study, Bitwarden surveyed more than 600 developers to understand how they perceive and implement security best practices. The survey also polled attitudes and adoption practices related to IT security technologies and trends, including passwordless authentication, secrets management, and the cybersecurity risks associated with the rise of generative AI.

• Almost all (94%) cite ‘secure by design’ principles as very or extremely important in the development process.

• Although ‘secure-by-design' principles are important to developers, 26% claim implementation is too time consuming and 18% say they’re too understaffed and working tight deadlines.

• And, practices like hard-coding secrets in source code (65%) and keeping secrets in clear text (55%) prevail.

• Over three-fourths (78%) strongly or somewhat believe generative AI will make maintaining data security more challenging.

• Most (83%) have significantly or somewhat invested in AI technology. However, unsecure use is prevalent: 30% have entered developer secrets into a generative AI platform, 24% have entered privileged credentials, and 25% have entered social security numbers.

• Over a third (38%) believe AI will pose the biggest cyber threat 5 years from now, followed by ransomware (19%) and poor cyber hygiene (16%).

• A majority (88%) have a highly favorable or favorable attitude towards passkeys and passwordless features.

• Over two-thirds (68%) of developers have used passkeys for accessing work applications; 60% for accessing personal applications.

• But while FIDO2 and passkeys have received attention as a potential password alternative, just 36% think they will replace passwords.