HYPR, The Identity Assurance Company, and Yubico (NASDAQ: YUBICO), the provider of hardware authentication security keys, have published a new study on challenges, perceptions and outcomes in “the usage of password and passwordless authentication technologies.”
The report, titled “Transcending Passwords: The Next Generation of Authentication,” exposes the profound business impact of authentication practices, “with consequences for security, productivity and employee retention.”
Findings show that organizations that “employ FIDO-based passwordless authentication technologies are least likely to be victims of phishing attacks, cut authentication times by 75%, and measurably reduced their IT service desk burden.”
The study, based on “a commissioned survey of 312 cybersecurity IT leaders and end users conducted by Enterprise Management Associates (EMA), reveals the strain that insecure and cumbersome authentication processes place on organizations, as well as their readiness to turn to passwordless solutions.”
Chris Steffen, vice president of research at EMA, said:
“Our independent and objective research findings confirm that we have reached an inflection point in authentication solutions driven by broad recognition that reliance on traditional passwords is no longer sustainable. It is an honor to have our comprehensive evaluation sponsored by two of the leading voices responsible for redefining how we think of and define identity security.”
The vast majority of surveyed businesses (82%) “reported breaches, including compromised credentials and successful phishing attacks.”
Employee behavior likely played “a role as 68% of respondents admit to violating corporate password policies.”
Organizations must be careful, however, in “turning to security controls that introduce friction — 65% of users say they would be motivated to change employers if presented with high-friction authentication processes.”
Notably, the majority of IT managers recognize “that the adoption of passwordless authentication will prevent most, or all, security breaches and those that have adopted FIDO-based technologies report the highest satisfaction rates with authentication processes.”
Bojan Simic, CEO of HYPR, said:
“This new data highlights that there is broad consensus that passwordless authentication, specifically FIDO-based technologies, are the way forward. Phishing-resistant passwordless solutions cut off the most common avenues of attack while providing a user experience people want to use.”
Key findings from the study include:
- 91% of workers still rely on passwords as a primary form of authentication.
- On average, business users authenticate ten times each day to access the business applications, data, and IT services they require to perform job tasks.
- On average, business users take four times longer to authenticate with a traditional password and an OTP verifier than with FIDO-based authenticators (mobile or security key).
- Businesses that have adopted FIDO-based technologies reported the highest satisfaction rates with their authentication processes.
- 82% of surveyed businesses reported IT security breaches occurred in their organizations in the last year, including compromised credentials and successful phishing attacks.
- Organizations using FIDO-based mobile authenticators or security keys as a primary authenticator were least likely to have been victims of a phishing attack.
- 100% of businesses that have adopted FIDO standards reported significant quantifiable improvements, including increased security effectiveness, reduced help desk tickets, reduced password resets and improved user experiences.