January 30, 2019

Password security: IT experts prefer human memory due to government surveillance fears

By Priya Kantaria

IT professionals have growing concerns about government surveillance, and it’s impacting their approach to password security.

The Ponemon Institute with authentication key vendor Yubico surveyed over 1,500 IT and IT security practitioners in the US, the UK, Germany and France to investigate beliefs and behaviours around password management and authentication.

“These respondents should be more knowledgeable and aware of the risks of poor password practices than individuals who do not work in IT or IT security,” the institute said in its report.

However, the answers from these professionals were particularly surprising around how they managed their passwords, with 53% saying they simply use their memory.

Government surveillance fears strong among IT professionals

59% of the professionals surveyed said they had growing concerns about government surveillance and 51% said they were using their mobile devices more often, causing more concern about privacy.

Around a third said they knew someone who became a victim of a data breach and a third said they themselves were victim to a data breach, with almost 10% being a victim of identity theft.

Why are you more concerned about your privacy?

Credit: Yubico

“People are becoming mindful of the worth of personal data as a tool for nefarious acts,” said Ronnie Manning, vice president of communications at Yubico.

“Media attention is creating greater anxiety around large scale breaches and the fact that anyone can become a target, which in turn is driving a demand for better security, authentication technologies and privacy measures to protect valuable information.”

The personal data IT pros fear losing the most

62% of IT professionals were concerned about protecting their social security number or citizen ID, which could perhaps lead to identity theft.

Payment account details were also a high priority for adequate protection, and details around health conditions, which might affect medical insurance prices.

What personal information are you most concerned about protecting?

Credit: Yubico

“Personally identifiable information – passport number, bank account, National Insurance number – offers hackers an opportunity to access important data that could enable them to clone identities or damage a person’s credit history,” said Manning.

“The concern around health information is particularly interesting because of the potential consequences if these details were lost or stolen. Could it affect insurance policies, future employment? The implications could be far-reaching.”

Password security approaches

While password managers are frequently used to store and protect passwords, over half of those surveyed used their own memory to protect their passwords, at the risk of forgetting them at a crucial moment – particularly given the need to have unique passwords for different accounts.

The majority of UK adults are still uncertain about how best to protect their privacy online.

If password managers are not required, what does your organisation use to manage and protect its passwords?

Credit: Yubico

“The respondents seem to rely heavily on outdated, unreliable or unsecured alternatives to password managers,” Manning commented.

“There is clearly a disconnect between what people expect and what is being delivered on a corporate level.  Education is important to deliver employers the benefits of highly secure authentication methods; the cost benefits of less downtime, fewer support calls and the added layer of security.”

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: