Tragic mistake: Companies think passwords are plenty safe

Two desks on a business trading floor, one with computer monitor displaying 'Password Protected.'
(Image credit:

It's well known that passwords are weaker than other security methods, but that isn't stopping organisations from using them. 

According to new research from Thales Group, 41% of US and Brazilian IT security professionals believe that passwords are still effective for access management, regardless of security worries.

Thales says the majority of 300 survey respondents are planning to "expand the use of usernames and passwords, even though the limitations could pose strong security challenges".

Security is a balancing act 

The report also quizzed IT decision makers on common cyberattack targets. Most respondents (68%) said unprotected infrastructure was a major cyber attack target, followed by cloud apps (58%) and web portals (52%).

Thales found that IT departments are having to balance security and convenience due to an increase in remote working following the coronavirus pandemic. 

"The recent explosion of the remote work environment brought on by the Covid-19 global pandemic has forced IT departments into a tug-of-war between security and convenience at a time when risks are at their highest," wrote the firm in a media release.

Nearly all respondents (94%) said their access-management security policies were "influenced by breaches", but over half (58%) of IT departments were letting employees access corporate resources via social-media accounts.

Worryingly, 28% of respondents said that social-media logins were "one of the best tools for protecting cloud and web-based authentication".

What's more, respondents said the adoption of access-management solutions was largely driven by security concerns (88%) or the potential of falling victim to large-scale breaches (84%).

Securing organisations

The survey also explored how increased cloud adoption is resulting in "further complexity" for organisations, with 97% of respondents expecting problems if their organisations don't take steps to secure applications. 

When it comes to access management, two-factor authentication (66%), smart single-sign-on (43%) and biometric authentication (39%) were seen as the best methods for securing cloud and web apps. 

Although many organisations are still heavily relying on passwords, the vast majority of participants (95%) indicated that they have adopted multi-factor authentication techniques. 

But only 15% said they had a dedicated multi-factor authentication tool, and while smart single-sign-on was the least popular method for access management (59%), 26% were planning to adopt it this year and 86% planned to expand use of it. 

"Innovation in access security allows us to overcome the reliance on passwords, which are proven to be insufficient in protecting data," said Francois Lasnier, vice president for Access Management solutions at Thales. 

"Organizations that utilize cloud-based access and passwordless authentication to scale secure cloud adoption will be able to meet the increased need for improved security, especially at a time when access control is critical for today's remote workforce. 

"The elimination of username and passwords as a sole method of authentication and broader use of smart single-sign-on will result in a greater level of security and convenience as more and more applications are delivered from outside the security perimeter." 

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!