451 Research, a division of S&P Global Market Intelligence Report, polled 400 enterprise security decision makers in the United States, United Kingdom, Japan, and Australia to understand enterprise adoption trends and password management preferences. Questions examined spending patterns, use cases, and sentiment of password managers, adoption, and standards.
As professionals actively seek to further mitigate the risks of cyber attacks in today’s interconnected world, results of the survey provide guidance on and understanding of current trends.
7 key survey takeaways
Security Concerns
1. When it comes to password adoption, security concerns drive adoption more than convenience and user experience.
2. Despite confidence in password policies to stave off security threats, performing password audits isn’t yet commonplace.
“About two in five (41%) respondents said they do not audit for password strength or reuse.”
-Page 6, Security Intentions and the Persistence of Passwords
Remote Work
3. Risk is not commensurate with usage: third parties and remote workers are considered the highest risk user group, yet paradoxically the least likely to be deployed password management tools.
4. Remote work has made password management the most popular security technology, ahead of email security and remote access solutions.
“More than half (57%) of all respondents use password management. Another 15% said they would be adopting password management.”
-Page 1, Security Intentions and the Persistence of Passwords
SSO
5. The sheer number of and nature of modern-day applications means passwords have serious staying power - and security technologies need to reflect this.
“A majority (55%) of respondents said password ubiquity keeps enterprises using passwords. Meanwhile, 56% of USA respondents said that only 34%-66% of their apps use single sign-on (SSO). Many apps not using SSO means more username and password combinations.”
-Page 2, Security Intentions and the Persistence of Passwords
Passwordless
6. Passwordless authentication checks boxes for user experience and security.
“It is not a panacea yet, given that the number of non-SSO-compliant applications being added is increasing faster than ever."
-Page 7, Security Intentions and the Persistence of Passwords
7. Passwordless still retains a broad umbrella definition for IT decision makers
“Almost two-thirds (61%) of respondents said one-time passcodes (OTP, SMS, email) are a form of passwordless authentication.”
For full survey results, download the Security Intentions and the Persistence of Passwords report.