Password-based authentication is no longer an effective way to meet the demands of modern information security. That's a major finding of a recent survey from the Las Vegas-based LaunchKey, a provider of mobile authentication platforms.
An overwhelming 84% of survey respondents said they would support eliminating passwords all together. Additionally, more than three-quarters of those surveyed (76%) said they feel their data would be better secured through an alternative form of authentication, with 59% preferring fingerprint scans over passwords.
Nearly half of the survey's respondents (46%) said they currently have more than 10 passwords to manage, and 68% acknowledged that they reuse passwords for multiple accounts. Additionally, 77% said they often forget passwords or have to write them down. Among respondents' top password "pet peeves" are systems that require users to change their passwords frequently and create passwords that do not fit the model of one they regularly use.
Because the most common method of account takeover starts with obtaining a list of user names and passwords, the presence of passwords makes cybercriminals' jobs easier. However, users enable the process even more by continuing to choose popular, weak passwords, such as the simple number combinations "1-2-3-4" and "1-2-3-4-5-6-7-8," and words such as "password" and "qwerty."
"Today, the pace of security breaches directly related to stolen passwords and bypassed authentication is increasing along with the severity of their consequences," Geoff Sanders, president/CEO for LaunchKey said. "Passwords are inherently insecure as a method of authentication, and their ecacy relies on end users, developers, system administrators and the applications themselves, all of which are vulnerable to a wide variety of attack vectors currently being exploited by cyberattacks around the world."
Sanders also noted that 27% of survey respondents acknowledged sharing their passwords with someone else.
While strong authentication is the correct approach, the traditional method of two-factor authentication (2FA) is still insufficient, LaunchKey said. According to the survey, 64% do not know what 2FA is, while only 20% say 2FA is easy to use. Furthermore, many 2FA solutions on the market today present a significant cost and logistical burden. A single hardware token can cost as much as $100 or more, making a 2FA solution that only satisfies a limited subset of use cases impractical.
The LaunchKey survey also measured users' trust of public institutions to protect personal information. Given the high number of recent merchant data breaches, such as those at Target and Home Depot, it is no surprise that 52% of survey respondents expressed little to no confidence in retailers' ability to properly secure one's personal information, and 43% said they have little to no confidence in online retailers. Conversely, 48% of respondents expressed high confidence in banks' ability to protect personal information.
"The future of authentication is free from traditional passwords," Sanders said. "We must remove the vulnerability and liability that passwords have created while implementing more secure authentication methods that account for an evolving and diversied landscape of use cases, end users and threats."
The survey was conducted across the U.S. during the week of Aug. 12, 2015 through a third-party firm that did not identify LaunchKey to respondents as the author.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.