With password authentication baked deep into countless legacy and even modern applications, resistance and long metamorphosis periods cause adoption delays.

In an S&P Market Intelligence business impact brief by one cybersecurity firm, organizations have been given the lowdown on comprehensive password management policies in order to ensure employee password practices are as secure as possible.

The brief noted that the widespread use of username-password combinations is the most-deployed form of authentication in organizations polled. Following this are mobile push-based multi-factor authentication MFA (47%), SMS-based MFA (40%) and biometrics (31%).

Many organizations in surveys were noted to use a combination of multiple authentication factors to complement password and username combinations. Also, passwordless authentication appeared to be  gaining traction with support from big tech: passkeys are passwordless credentials that make it substantially easier for consumers to adopt FIDO-based authenticators. However, in terms of enterprise adoption, passkeys are still in the very early stages, according to the brief.

According to Darren Guccione, CEO and co-founder, Keeper Security, the firm producing the business impact brief: “Passwords continue to reign supreme as organizations struggle to balance security with simplicity, cost of ownership and flexibility — particularly in hybrid working environments.”

According to Guccione, Single Sign-On (SSO) and passwordless authentication — although effective — are not universally supported, and therefore, create security holes that leave organizations vulnerable. “It is crucial for organizations still relying on the password and username combination, or a hybrid model of passwords and passwordless technologies, to ensure they are managed appropriately and securely.”

For those considering the implementation of passkeys, websites have been slow to offer support for a variety of reasons, Guccione noted, adding that password and username combinations will remain a key part of the enterprise landscape for the foreseeable future.

In view of this trend, organizations can boost cyber resilience with password management protocols that integrate and support a wide range of authentication methods to ensuring security and cyber hygiene.