As Security Professionals, we know what’s safe, but are we actually doing it? 👀

Yubico surveyed people about authentication and the results are crazy but not surprising!

We can agree that the most (used loosely) secure methods of authentication are at least one of these options:

1. Mobile App Authenticators, but only 33% consider this the most secure option
2. Hardware Security/Passkeys, and only 30% considered this the most secure. I’m definitely in this group. 👩🏾‍💻

Yet an overwhelming 41% believed SMS codes were the most secure, and honestly I think when MFA first became a thing, sure, I could understand this take, but now? Absolutely not.

So naturally, thinking from an IAM perspective, I was curious to know how people were logging into their work accounts and well…. 🥴

56% still use a basic username and password and 36% are using SMS codes.

Thankfully I’ve never worked at a company that didn’t require at the very least an authenticator app, but in most cases it was required to use a hardware key.

We need to stop just believing in strong security and start practicing it! If you have the option for a hardware key or an authenticator app, whether in your workplace or at home, use it. Please ditch the SMS codes and password-only logins.
Thank you for elevating this conversation! Great data points and important call out – strong security is a daily practice and behavior 🙌🏼
Funny how often this gap shows up. People know what is safer, but habits pull them back to whatever feels quickest. Your point about practice over belief lands well, because that is where real change starts.