In this inaugural study, Bitwarden surveyed more than 600 developers to understand how they perceive and implement security best practices. The survey also polled attitudes and adoption practices related to IT security technologies and trends, including passwordless authentication, secrets management, and the cyber security risks associated with the rise of generative AI.
Developer Survey 2024: Decoding Tomorrow: Developer Secrets, Security and the Future of Passkeys
Table of contents
Developers value secure-by-design principles but fall short of best practices
Almost all (94%) cite ‘secure by design’ principles as very or extremely important in the development process.
Although ‘secure-by-design’ principles are important to developers, 26% claim implementation is too time-consuming and 18% say they’re too understaffed and working to tight deadlines.
And practices like hard-coding secrets in source code (65%) and keeping secrets in plain text (55%) prevail.
“The 2024 developer survey highlights a move towards modern authentication like passkeys in work applications. However, it also shows risky practices continue despite regular security training.
This data underscores the industry-wide challenge of translating security awareness into action.
It's clear there's a need for accessible tools to help the developer community and organizations manage secrets securely, enforce strong authentication, and handle the risks of AI, while keeping innovation on track.”
Generative AI offers both promise and peril
More than three-quarters (78%) strongly or somewhat believe generative AI will make maintaining data security more challenging.
Most (83%) have invested significantly or somewhat in AI technology. However, insecure use is prevalent: 30% have entered developer secrets into a generative AI platform, 24% have entered privileged credentials, and 25% have entered Social Security numbers.
More than a third (38%) believe AI will pose the biggest cyber threat five years from now, followed by ransomware (19%) and poor cyber hygiene (16%).
AI: A Renewed Need for Cyber Security
Survey finds 78% of developers identify AI as a security risk, yet they continue to input sensitive credential, financial and health data into AI platforms.
Passkeys, while valuable, won’t replace passwords
A majority (88%) have a highly favourable or favourable attitude towards passkeys and passwordless features.
More than two-thirds (68%) of developers have used passkeys to access work applications; 60% to access personal applications.
But while FIDO2 and passkeys have received attention as a potential password alternative, just 36% think they will replace passwords.
Passwordless Authentication: Balancing Security and Convenience
68% of developers have embraced passkeys for work applications, indicating a shift towards modern authentication technologies. More than a third (36%) see FIDO2 and passkeys as likely successors to passwords.
Additional resources
View the full report: Decoding Tomorrow: Developer Secrets, Security and the Future of Passkeys
Check out The Survey Room for additional cyber security research.
Get started with Bitwarden Secrets Manager
Visit bitwarden.com/secrets/ to learn more about coding securely.