Beyond Identity, a security business, has disclosed the findings of new industry study into password security issues, demonstrating that cloud professionals are still concerned about password security. Over four-fifths (83%) of cloud professionals are confident in the security effectiveness of passwords, with over a third (34%) indicating they are extremely confident, according to a study of more than 150 cloud industry experts conducted at the recent Cloud Expo Europe event. Despite the fact that weak password practises are routinely exploited in cyber-attacks around the world, with compromised identities accounting for 80% of all breaches.[1]

When asked about their password-using experiences, cloud pros expressed a variety of difficulties with password-based system hygiene requirements. Over half of the respondents (60%) find it difficult to remember various passwords, 52% find it difficult to change their passwords on a regular basis, and another 52% are frustrated by the obligation to choose complicated passwords comprising numbers and symbols.[1]

Figure 1. Passwords are Still Important to Cloud Pros, According to A Study

Figure 1 shows the number of passwords used by cloud workers on a regular basis emphasises these difficulties: A quarter of respondents (26%) use 4-5 passwords on a daily basis, with 10% using 10 or more passwords. To compound password users' troubles, many firms need regular password changes, with 38% advising quarterly updates, 27% advocating monthly changes, and 6% requesting daily or weekly changes. This might be a difficult task with few security benefits.[1]

The poll also reaffirms the importance of passwords as a target for threat actors, with phishing assaults being common. When asked if they'd ever received a phishing email and reported it to their security team, more than a third of cloud professionals said they'd reported 1-3, 18% reported 4-6, and nearly a quarter (23%) reported 7 or more. Worryingly, 11% have received but not reported a phishing email, and one-fifth (20%) are unsure if they have ever unintentionally clicked on a phishing link. Nearly one-fifth (19%) of co-workers have clicked on a phishing email, and more than a quarter have done it themselves - 11% have done it more than once, and 5% do it on a daily basis.[2]

"Widespread user frustration poses a risk for organisations that rely on password-based systems to protect their data in the face of ongoing phishing attacks." According to Patrick McBride, co-founder of Beyond Identity, "this survey shows an alarming, displaced confidence from cloud professionals - the bottom line is you can't have effective security and advance to meet the promise of Zero Trust Security if you're still using passwords."[3]

Despite attacks on credentials and difficulties with password hygiene rules, the majority of cloud professionals (74 percent) agree that changing passwords on a frequent basis is good cybersecurity practise. The majority of cloud organisations (82 percent) utilise Multi Factor Authentication (MFA) as an additional layer of authentication, with a Mobile Authenticator App being the most popular MFA. When questioned about MFA, the general feeling was favourable, with more than half (55 percent) saying they were'very confidence' in it as a security precaution. This is despite an alarming number of successful MFA bypass attempts in the last year, including high-profile examples involving Coinbase, Twilio, Reddit, Uber, and Okta.[3]

However, based on current trends and practices, passwords are likely to remain an important aspect of cloud security for IT and security professionals. While alternative authentication methods such as biometric authentication, multi-factor authentication, and single sign-on are becoming more common, passwords are still widely used and are often the first line of Défense against unauthorized access. It is important for organizations to implement strong password policies, enforce password complexity requirements, and provide regular training on password security to their employees to mitigate the risk of password-related security breaches in cloud environments.

References:

1. https://technologymagazine.com/articles/study-cloud-professionals-remain-attached-to-passwords
2. https://cybermagazine.com/articles/cloud-professionals-remain-attached-to-password-security
3. https://www.thinkdigitalpartners.com/news/2023/05/10/cloud-professionals-remain-overly-attached-to-passwords/.

Cite this article:

Janani R (2023), Passwords are Still Important to Cloud Pros, According to A Study, Anatechmaz, pp.91