IT security practitioners routinely engage in risky password and authentication practices. And there’s a misalignment between expectations and reality when it comes to the implementation of usable security tools, according to a recent report from Yubico and conducted by the Ponemon Institute. Researchers surveyed 2,507 global IT and IT security leaders, as well as 563 individual users. They found that while most IT leaders have strong awareness of best practice authentication and password management, those tools and skills are often not put into action due to inconvenience or usability issues. In fact, individual users were found to have better security practices than the IT leaders. The report found that of the 35 percent of users who reported experiencing an account takeover, 76 percent changed how they managed their account passwords or protected their accounts.