It is well known that passwords are more vulnerable than other security methods, but that doesn't stop organizations from using them.

According to a new survey by Thales Group, 41% of IT security professionals in the U.S. and Brazil believe that passwords are still effective for access control, regardless of security concerns.

According to Thales Group, a majority of the 300 survey respondents plan to "expand the use of usernames and passwords despite the strong security challenges the restrictions may create."

The report also asked IT decision makers about common cyber attack targets. Most respondents (68%) indicated that unprotected infrastructure was the primary cyber attack target, followed by cloud apps (58%) and web portals (52%).

Thales found that the increase in remote work following the coronavirus pandemic has forced IT departments to balance security and convenience.

"The recent explosion of remote work environments brought on by the global Covid-19 pandemic has forced IT departments to play a tug-of-war between security and convenience at a time when risk is highest," the company wrote in a media release.

Nearly all respondents (94%) said their access control security policies were "affected by the breach," but more than half (58%) of IT departments were allowing employees to access corporate resources via social media accounts.

Worryingly, 28% of respondents said social media logins were "one of the best tools for protecting cloud and web-based authentication."

Additionally, respondents stated that security concerns (88%) or the possibility of being the victim of a major breach (84%) were the primary reasons for adopting an access management solution.

The survey also explored how the growing adoption of cloud will create "additional complexity" for organizations, with 97% of respondents expecting problems if their organizations do not have application security measures in place.

When it comes to access management, two-factor authentication (66%), smart single sign-on (43%), and biometric authentication (39%) are considered the best ways to secure cloud and web apps.

While many organizations still rely heavily on passwords, the majority of participants (95%) indicated that they employ multi-factor authentication technologies.

However, only 15% said they have a dedicated multi-factor authentication tool, and while smart single sign-on was the least popular method of access management (59%), 26% plan to adopt it this year and 86% plan to expand its use. [François Lasnier, Vice President of Access Management Solutions at Thales, said, "Innovations in access security enable organizations to overcome their reliance on passwords, which have proven to be inadequate in protecting data. [Organizations that leverage cloud-based access and passwordless authentication to expand their secure cloud deployments can meet the growing need for improved security, especially now that access control is critical for today's remote workers.

Eliminating usernames and passwords as the sole authentication method and using smart single sign-on more broadly will provide a higher level of security and convenience as more and more applications are delivered from outside the security perimeter.