SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
UK internet users at risk due to password duplication
Thu, 28th Dec 2023

In recent years, our reliance on online services has surged, creating an urgent need for optimal security practices. Password security statistics illustrate this problem. According to a recent survey of 2,000 UK and US consumers by Yubico, conducted through OnePoll, almost two-fifths (39 per cent) of respondents confessed to using the same passwords for multiple accounts, leading to increased security risk. Concerningly, more than 80 per cent of data breaches arise from stolen or misused login details.

The need for stronger digital security is becoming increasingly clear as the Christmas shopping season approaches. Yubico's experts provide three key recommendations for safely accessing online accounts without requiring passwords. The aim is to shed light on this critical issue and suggest viable solutions for a more secure future.

The first tip is the adoption of multi-factor authentication (MFA). The study reveals that users regularly duplicate passwords across various accounts, a practice that exposes them to digital breaches. MFA, which combines two or more authentication factors, drastically elevates online security. Factors can be something known, like a username; something owned, like a security key or mobile device; or something inherent, like biometric data. This multi-layered approach makes it considerably harder for attackers to access accounts without authorisation. Implementing MFA also ensures that even when a password is compromised, the attacker will need another form of authentication to access the targeted account.

Using passkeys for enhanced security is another valuable measure. This technology for passwordless authentication uses either a physical hardware security key or a syncable device to safely access online accounts. Hardware-bound passkeys, which keep credentials on the device so that they cannot be copied, offer heightened security compared to syncable ones. Still, both types provide a way to move away from phishing-prone passwords.

The final recommendation is adopting a Zero Trust approach in personal cybersecurity. Widely used by large corporate and government entities, this strategy applies equally to individuals. Zero Trust advocates for continuous verification of every user and device attempting to access an online account, thereby significantly bolstering cybersecurity. By doing away with outdated trust-based models and switching to real-time authentication, Zero Trust prevents hackers from accessing the individual's account even if they obtain the password.

In summary, the urgent need for greater security in an increasingly digital world cannot be overstated. By incorporating these three essential steps into our routine, we can significantly minimise the risk of data breaches and ensure an optimal level of security for our personal information. As we embrace the advantages of the digital era, we must also prioritise enhancing our online security, ensuring a safer and more convenient online experience.

This information was provided by Geoff Schomburgk, Vice President for Asia Pacific & Japan at Yubico.