So you've set up MFA and solved the Elvish riddle, but some still think passwords alone are secure enough

About a third of firms and organisations in Europe and the Middle East still believe the humble password is a good enough security measure, according to a survey carried out by French firm Thales.

Moreover, two-thirds of the 400 IT professionals quizzed indicated "that their organisations plan to expand use of usernames and passwords in the future".

The findings come as a contrast to yesterday's survey, which showed that the majority of people (as opposed to companies) don't really care about good password hygiene and cheerfully reuse the same one everywhere they digitally go.

Thales, which bought secure mobile phone SIM card biz Gemalto in 2017, reckoned that over half (57 per cent) of IT pros it polled said that unsecured infrastructure was the most likely attack surface. With that in mind, password-protecting that sort of infrastructure makes more sense than simply leaving it open for any curious or malicious bod to poke around within.

Francois Lasnier, veep of access management solutions at Thales, opined: "Often, in an effort to adapt to the new working habits of users connecting from anywhere, which is increasingly pertinent right now and will become standard moving forward, businesses tend to revert back to old password-based logins for cloud services in despair. This is knowingly increasing their security exposure to credential stuffing and phishing attacks."

Thales, which, among other things, sells access management software, reckoned that its 400 respondents said the amount of staff training on security and access management, increasing spend on access management, and access management becoming a board priority "have all seen an increased focus".

Last year French-owned Thales flogged off hardware security module biz nCipher following its Gemalto acquisition, a sale demanded by competition regulators.

Password security is an ongoing bugbear for security folk. NordVPN found in a survey earlier this year that tens of thousands across the world were using such Fort Knox-style gems as "pakistan", "onedirection" and "superman". ®