Majority of developers identify AI as main security challenge, claims report
-
78% of developers see generative AI as a challenge to data security. However, 83% of respondents note their organizations have already invested in AI technology to manage and/or analyze data.
-
68% of developers have used passkeys for work applications, yet only 36% believe FIDO2 and passkeys could replace passwords.
-
Over half (54%) of developers spend 5 to 15 hours each week just managing secrets, showing a clear need for solutions to cut down this time.
Password management company Bitwarden has announced the results of its inaugural developer survey called Decoding Tomorrow: Developer Secrets, Security and the Future of Passkeys.
For the report, Bitwarden surveyed more than 600 developers to understand respondents’ behaviors around security best practices, as well as their perceptions of the adoption and implementation of passwordless authentication, secrets management, and the cybersecurity risks associated with the rise of generative AI.
Nearly three-quarters (72%) of developers have been impacted by a data breach, with 24% reporting substantial damage and disruption to their company. More than a fifth (21%) of respondents disclosed they use public computers to access work data, emphasizing the need for continuous education, robust security protocols, and organizational support to address cybersecurity threats.
Why Secure-By-Design is Easier Said Than Done
Ninety-four percent of developers find secure-by-design principles ‘very’ or ‘extremely important,’ yet 26% find implementation time-consuming and 18% cite understaffing and tight deadlines as barriers. Despite understanding the importance of implementing secrets management solutions, 65% of developers hard-code secrets in source code and 55% manage and share secrets in clear text and messaging apps.
Sixty-eight percent of developers have embraced passkeys for work applications, indicating a shift towards modern authentication technologies. Over a third (36%) see FIDO2 and passkeys as likely successors to passwords. There’s momentum in building passkey features for employees, with 87% of respondents actively developing them and 89% planning to implement them within the organization. However, for customer-facing passkey features, 83% indicate developing and 41% planning to implement, showing a more measured approach towards external user authentication.
Developers show a mix of optimism and concern towards new authentication methods. Thirty-six percent of developers envision FIDO2 and passkeys as dominant, reflecting trust in these technologies. Nearly half (48%) revealed that wider adoption will be a challenge over the next five years due to passwordless technology’s compatibility with legacy systems and password-dependent applications. Other respondents consider education and adoption (17%) as hurdles for transitioning users to new authentication systems, and balancing security benefits with user readiness.
Additionally, 40% are prioritizing increasing two-factor authentication (2FA) adoption, and 33% are focusing on enhancing password security. This suggests a balanced approach towards augmenting authentication security as passkey adoption continues to rise alongside greater industry acceptance and support.
AI: A Renewed Need for Cybersecurity
Seventy-eight percent of developers see generative AI as a major challenge for data security and more than a third (38%) consider it the biggest cyber threat to organizations over the next five years. Despite concerns, 83% of developers revealed that their organizations have invested in AI technology to manage and/or analyze data.
Respondents also disclosed that they are entering a significant range of sensitive data into generative AI platforms, including developer secrets (35%), employee review data (30%), meeting details (29%), and more. The data showcases the fine line between harnessing AI’s potential and mitigating its inherent risks.
Says Bitwarden CEO Michael Crandell:
“The 2024 developer survey highlights a move towards modern authentication like passkeys in work applications. However, it also shows risky practices continue despite regular security training.
“This data underscores the industry-wide challenge of translating security awareness into action. It’s clear there’s a need for accessible tools to help the developer community and organizations manage secrets securely, enforce strong authentication, and handle the risks of AI, while keeping innovation on track.”
