Passwords Remain the Main Method of Authentication and Top Cause of Data Breaches

The username/password combo is still the dominant method of authentication used to access business devices, apps and data. Conversely, the password is still the top attack vector for organizations of all sizes, new research shows.

New research from Enterprise Management Associates (EMA), sponsored by Mobileriron, reinforces the notion that it’s time to make traditional passwords a thing of the past. 42% of respondents in EMA’s survey indicated that their organization had been breached as a result of the compromise of a user’s password.

Poor password hygiene is a top cause of data breaches. Some 31% of respondents indicated their organization had been breached because user credentials were shared with an unauthorized peer. This accounts for the prevalence of phishing attacks. 28% of respondents indicated their organization had been breached as a result of a phishing email designed to harvest employee credentials.

While there are alternatives to text-based passwords for enterprise authentication, research sponsored by Bitdefender shows that training staff in cybersecurity is still the best way to prevent a cyber-attack. Organizations that emphasize cyber training are also more efficient at responding to an unfolding cyberattack.

Organizations must train employees to spot a devious phishing email and act as a first line of defense. A hacker can avoid tripping any wires if the victim is tricked into opening a malicious email attachment on their endpoint. But since the human factor is inherently vulnerable, organizations should also invest in technologies that fill this gap, such as Network Traffic Analytics, or solutions like Managed Endpoint Detection and Response.