Passwordless is more than a buzzword among cybersecurity pros

Password security remains highly relevant even as cybersecurity strategies move toward a passwordless future. Of the 100 Black Hat USA 2023 attendees Delinea polled, 54% said passwordless is a viable concept, while 79% agreed that passwords are evolving or becoming obsolete.

When asked how they protect their passwords, most attendees surveyed indicated they use an additional authentication method to secure their credentials and identity. 73% use some form of multi-factor authentication (MFA), 57% specifically indicated they use an authenticator app and 40% use biometrics.

52% use a password manager, while 34% use a PAM solution to store passwords securely. One in five (21%) indicated they are using passkeys now instead of or in addition to passwords.

“The findings of this survey indicate an understanding of what passwordless means beyond just being a marketing term – specifically that it’s moving passwords into the background and using easier additional forms of authentication instead,” said Joseph Carson, Chief Security Scientist, and Advisory CISO at Delinea.

“This takes on increased significance when 75% of respondents also acknowledged that the fastest way to access a network is through social engineering or stolen identities and passwords. The quicker organizations and end users can evolve their identity and access security beyond passwords, the safer we’ll be as a society.”

The polling also revealed that organizations lag far behind nation-states and cybercriminals. Only 12% of respondents indicated that organizations are ahead of countries and criminals.

The survey also uncovered a range of opinions about the threat of artificial intelligence (AI) programs, with 34% stating that it’s still early days and current iterations are not truly AI. In comparison, 22% indicated that an AI takeover is already here. Only 11% of those polled expressed confidence that AI will never take over.