The high cost of insecure authentication methods

Insecure authentication is a primary cause of cyber breaches, and that cumbersome login methods take an unacceptable toll on employees and business productivity, according to HYPR.

Respondents indicate that a passwordless approach would increase productivity (45%), improve user experience (86%), strengthen security (86%) and accelerate adoption of multi-factor authentication (42%).

Insecure authentication methods still in use

“The report findings make it evident that maintaining the status quo is a risky proposition all around,” said Bojan Simic, CEO and CTO of HYPR. “A passwordless approach provides a user experience people will want to adopt and ensures the security defenses that today’s threat landscape demands. Simply put, if users won’t adopt your security controls, they are destined to fail. This report offers insights and evidence to support organizational leaders in making the business case to move towards phishing-resistant passwordless authentication.”

The cost of breaches to organizations is profound, with 35% suffering reputation damage, 36% losing customers to their competition, 53% experiencing critical data loss, and 56% facing significant financial loss. Despite these tremendous costs, an astounding 58% of organizations said they kept the same insecure authentication methods after facing a breach. Legacy authentication has other material consequences.

Workforce resistance towards authentication technology

User experience is a major pain point as reported by 64% of IT and security leaders with nearly one third (31%) of organizations finding workforce resistance towards using authentication technology. This proves that user experience holds a role as important as security when it comes to the adoption of strong authentication.

“It is time to take action. HYPR’s research highlights the poor user and administrator experience caused by layering increasingly complex authentication on top of a fundamentally flawed password foundation,” said Andrew Shikiar, Executive Director and CMO of FIDO Alliance. “The FIDO Alliance has a vision for simpler, stronger authentication. It begins by getting rid of passwords and replacing them with phishing-resistant solutions that radically improve the user experience. Universal adoption will depend on individuals embracing this shift.”

Majority of employees struggle with forgotten passwords

60% of organizations reported authentication breaches over the last 12 months. Three of the top four attack vectors are connected to authentication, highlighting the importance of secure authentication methods.

However, 58% of organizations continue to use insecure authentication methods after experiencing a breach. On average, authentication-related breaches cost organizations $2.95 million and companies spent an average of $375 per employee per year in help desk costs on password-related issues.

The average employee navigates four different authentication methods daily and 81% of respondents reported being blocked from work-critical information due to forgotten passwords. Of organizations that state they use passwordless authentication for employees, the term passwordless is widely misunderstood: only 3% are using phishing-resistant passwordless methods.

Additionally, 28% of organizations were hit by push notification attacks, with the financial services and energy sectors experiencing a higher rate of such attacks, and 86% of IT/IS security decision makers believe that passwordless authentication is essential for both security and user satisfaction.