Apple @ Work is brought to you by Kolide by 1Password, the device trust solution that ensures that if a device isn’t secure, it can’t access your apps. Close the Zero Trust access gap for Okta. Learn more or watch the demo.
World Password Day is coming on May 2, 2024, and Bitwarden is releasing its 4th annual survey looking at how password management has evolved. The company surveyed 2,400 people from the United States, the United Kingdom, Australia, France, Germany, and Japan to explore contemporary password practices among users. This survey looks at password security behaviors at home and in professional settings, evaluates how phishing and AI affect online security, and gauges users’ feelings about adopting passkeys as a new authentication method.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Password management has continued to evolve in the enterprise in recent years as SSO solutions like Okta become crucial to how organizations secure their environments. Still, even past that, Passkeys and password managers continue to work side by side with SSO solutions for end-to-end security. Solutions like Kolide, which I use daily, are also a component of ensuring that devices are secure. There’s no single-bullet solution for security around password and app management.
Risky password practices revealed by individuals for personal use
Bitwarden’s survey reveals that a significant 38% of individuals in the US reuse passwords across 11-20 accounts, which contrasts with the global average of 20%. Furthermore, 42% of these individuals use personal information in their credentials that can be easily found on social media (61%) and online forums (40%). This demonstrates a stark discrepancy between recommended security measures and user behavior, emphasizing how poor password habits and password reuse significantly increase the risks of cybersecurity threats and identity theft.
The discrepancy between cybersecurity confidence and actual behaviors
Despite 77% of users expressing confidence in their ability to recognize a phishing attack, and 74% feeling prepared to handle AI-enhanced cyber threats, many still engage in risky password management techniques. A significant 55% rely on memory and 35% on pen and paper to manage their passwords at home. In comparison, nearly half (46%) frequently access personal and work data over public networks, heightening their risk of exposure. These practices result in tangible consequences; 23% of US respondents have experienced security breaches, with 26% having their passwords stolen or compromised—higher than the global averages of 19% and 23%, respectively. This highlights the cognitive dissonance between users’ perceived security competencies and their actual practices.
Poor personal password habits affecting security at work
The survey findings indicate that individuals’ lax password practices at home are often mirrored in the workplace. Most respondents admit to relying on memory (59%) and pen and paper (34%) to manage workplace passwords. Over half (52%) frequently reuse passwords across different workplace accounts. Although 60% receive regular security training and 57% feel confident in managing threats, nearly a quarter (23%) acknowledge their workplace security habits are somewhat risky. This is a major concern as US respondents continue to use weak or personal-info-based passwords (44%), manage work passwords insecurely (45%), neglect the use of two-factor authentication (2FA, 23%), and share passwords insecurely (32%).
Rising adoption of stronger cybersecurity habits
Encouragingly, the survey shows a positive trend in adopting more robust cybersecurity behaviors. Fifty-six percent of US individuals who use a password manager at home report increased security consciousness at work, with 48% stating they now reuse passwords less frequently. The benefits of password management software are also being shared within workplaces by 32% of the respondents. The influence of password managers extends to personal security, with 67% noting increased security awareness at home and a 49% reduction in password reuse frequency.
How is passkey adoption going?
About 51% of US respondents have started using passkeys, pointing towards a gradual transition to passwordless authentication. However, 34% still do not fully understand the security benefits of passkeys, indicating a need for more education from the industry. Despite the growing adoption, there are ongoing concerns about privacy and security, with apprehensions about data misuse (36%), monitoring uncertainties (34%), unauthorized access (30%), and secure storage doubts (28%). To foster wider acceptance, transparent communication, and robust security assurances are crucial.
Organizations adopting passkeys could increase trust in their security resilience for 65% of respondents, and 68% would be more inclined to use passkeys personally if implemented at their workplace. While 45% believe passkeys and passwords will coexist, 22% foresee passkeys making passwords obsolete. Despite varying perspectives, a significant majority (62%) agree that the industry needs to enhance public education on the benefits of passkey technology.
Download the entire survey to learn more
FTC: We use income earning auto affiliate links. More.