UK firms still rely on “conventional, outdated methods” to authenticate their digital accounts, claims a new report. Yubico’s State of Global Authentication survey shows that 53 percent use usernames and passwords, 24 percent use mobile SMS-based authentication, 22 percent use password managers and 19 percent use mobile authentication apps or one-time passwords.
This is despite almost half (49 percent) agreeing that organisations need to upgrade to phishing-resistant multi-factor authentication (MFA).
“Concerningly, more than half of UK organisations are still relying on using usernames and passwords and other outdated authentication methods, according to our research. This, paired with poor basic cyber-hygiene practices, puts organisations at great risk of data breaches, ransomware attacks and phishing schemes,” said Niall McConachie, regional director (UK & Ireland) at Yubico.
“To effectively mitigate these types of attacks, UK businesses should implement passwordless cybersecurity such as strong two-factor authentication (2FA) or multi-factor authentication (MFA). By removing the need for passwords, strong 2FA and MFA are more user-friendly and bridge the gap between personal and professional data security. FIDO2 security keys, for example, have proven to be the most effective phishing-resistant option for business-wide cybersecurity. Interestingly, more than any other country surveyed, UK respondents understood that universal MFA is best practice for authentication and is a vital part of cybersecurity, but the companies they work for aren’t providing these more robust methods.”
McConachie continued: “Cyberattacks are not limited to companies and can directly target customers and employees as well. Indeed, over the past year, 77 percent of global respondents say they’ve been exposed to a cyberattack in their personal life and 48 percent had been exposed to one at work. This further emphasises the need for businesses to improve their cybersecurity while also educating employees on how to protect themselves online – beyond the use of usernames and passwords.”