A recent survey shows why corporate password policies are doing very little to stop employees from mishandling their passwords. It also finds most employees favour biometric security and that Apple’s new Face ID feature is widely trusted – even though almost no one has actually used it yet.
A new report by Israeli security firm Secret Double Octopus (SDO), whose password-free authentication technology was “originally developed to protect nuclear launch codes”, reveals that despite policies intended to protect passwords, a significant number of employees still admit, albeit anonymously, to mishandling them.
Nearly 40 per cent of government employees surveyed say they use paper notes to store passwords, while 14 per cent admit to storing them digitally using a spreadsheet or document – a major security faux pas. About half as many employees are doing the same in the healthcare industry, the survey found. Roughly 13 per cent of financial sector employees use an application such as Notepad to store their passwords, whereas 28 per cent rely on paper notes, according to SDO, which polled 522 respondents at medium and large businesses with over 1000 employees.
Overall, about 59 per cent of employees said they rely on paper notes, documents or Notepad-like applications to store work-related passwords. Unsurprisingly, it gets worse.
Fourteen per cent of respondents said they share work-related passwords, while 21 per cent admitted to reusing work passwords for other online services – another huge no-no. At least five per cent said they are aware of having at one point entered a work-related password into a fraudulent form or web page. That figure rises to 11 per cent in the IT industry. (Likely IT employees are simply more aware of their mistakes.)
Among employees who reused work passwords for online services – think Netflix or Gmail – the highest prevalence occurs in the banking industry (21 per cent). Millennials are supposedly more likely to reuse work passwords (28 per cent), according to SDO, while employees between the ages of 55 and 64 admitted to doing so less than 10 per cent of the time.
Facial Recognition Highly Desired
Despite the 1984-esque privacy concerns raised over Face ID – the technology introduced in the new iPhone X, which no one yet owns – a plurality of employees claim it is the preferred authentication method. In terms of trustworthiness, Face ID is second only to Touch ID, which relies on fingerprint scanning as opposed to facial recognition; 86 per cent prefer Touch ID over passwords, while 72 per cent say Face ID is preferable.
The relative ease with which these technologies are used is a considerable factor. According to SDO, around 37 per cent of employees are required to remember four or more passwords at work, and they’re asked to replace them at least three times per year. Two-thirds of respondents admit they almost always forget to do so.
“Employees’ authentication method-of-choice often plays an important role in an organisation’s overall security structure,” SDO says. “The more user-friendly and trustworthy a method is, the more likely it will be successfully adopted with little to no friction from users.”
For whatever reason, Face ID – which, again, almost no one has actually tried – is considered significantly less “user-friendly” than Touch ID. But according to Apple, which recently disputed charges that it reduced Face ID accuracy to meet production demands, the technology is actually more secure.
Apple claims the iPhone X’s TrueDepth camera maps the unique contours of a user’s face using 30,000 infrared dots. And whereas there is a 1-in-50,000 chance of someone unlocking a stranger’s phone with their fingerprint, the chance of a false positive with Face ID is supposedly 1 in 1,000,000. Whether it lives up to the hype and remains relatively unhackable, we’ll have to wait and see.