Bitwarden announced the results of its
inaugural developer survey: "Decoding Tomorrow: Developer Secrets,
Security and the Future of Passkeys." For the report, Bitwarden surveyed
more than 600 developers to understand respondents' behaviors around
security best practices, as well as their perceptions of the adoption
and implementation of passwordless authentication, secrets management,
and the cybersecurity risks associated with the rise of generative AI.
Training vs. Doing: Uncovered Security Risks
The survey shows that 91% of developers have regular security training,
yet the application of these practices paints a different picture.
Despite ongoing training, 65% admit to hard-coding secrets in source
code and 55% keep secrets in clear text, elevating the risk of data
exposure and security breaches.
The risks associated with these practices are clear. Nearly
three-quarters (72%) of developers have been impacted by a data breach,
with 24% reporting substantial damage and disruption to their company.
More than a fifth (21%) of respondents disclosed they use public
computers to access work data, emphasizing the need for continuous
education, robust security protocols, and organizational support to
address cybersecurity threats.
Why Secure-By-Design is Easier Said Than Done
Ninety-four percent of developers find secure-by-design principles
'very' or 'extremely important,' yet 26% find implementation
time-consuming and 18% cite understaffing and tight deadlines as
barriers. Despite understanding the importance of implementing secrets
management solutions, 65% of developers hard-code secrets in source code
and 55% manage and share secrets in clear text and messaging apps.
These findings highlight the need for organizational frameworks to
support seamless integration of secure-by-design principles.
Passwordless Authentication: Balancing Security and Convenience
Sixty-eight percent of developers have embraced passkeys for work
applications, indicating a shift towards modern authentication
technologies. Over a third (36%) see FIDO2 and passkeys as likely
successors to passwords.
There's momentum in building passkey features for employees, with 87% of
respondents actively developing them and 89% planning to implement them
within the organization. However, for customer-facing passkey features,
83% indicate they are developing them and 41% are planning to implement
them, showing a more measured approach towards external user
authentication.
Developers show a mix of optimism and concern towards new authentication
methods. Thirty-six percent of developers envision FIDO2 and passkeys
as dominant, reflecting trust in these technologies. Nearly half (48%)
revealed that wider adoption will be a challenge over the next five
years due to passwordless technology's compatibility with legacy systems
and password-dependent applications. Other respondents consider
education and adoption (17%) as hurdles for transitioning users to new
authentication systems, and balancing security benefits with user
readiness.
Additionally, 40% are prioritizing increasing two-factor authentication
(2FA) adoption, and 33% are focusing on enhancing password security.
This suggests a balanced approach towards augmenting authentication
security as passkey adoption continues to rise alongside greater
industry acceptance and support.
AI: A Renewed Need for Cybersecurity
Seventy-eight percent of developers see generative AI as a major
challenge for data security and more than a third (38%) consider it the
biggest cyber threat to organizations over the next five years. Despite
concerns, 83% of developers revealed that their organizations have
invested in AI technology to manage and/or analyze data. Respondents
also disclosed that they are entering a significant range of sensitive
data into generative AI platforms, including developer secrets (35%),
employee review data (30%), meeting details (29%), and more. The data
showcases the fine line between harnessing AI's potential and mitigating
its inherent risks.
"The 2024 developer survey highlights a move towards modern
authentication like passkeys in work applications," said Bitwarden CEO
Michael Crandell. "However, it also shows risky practices continue
despite regular security training. This data underscores the
industry-wide challenge of translating security awareness into action.
It's clear there's a need for accessible tools to help the developer
community and organizations manage secrets securely, enforce strong
authentication, and handle the risks of AI, while keeping innovation on
track."