HYPR and Vanson Bourne released the 2023 State of Passwordless Security Report.
This third annual edition reveals that insecure authentication is a
primary cause of cyber breaches and that cumbersome login methods take
an unacceptable toll on employees and business productivity. Respondents
indicate that a passwordless approach would increase productivity
(45%), improve user experience (86%), strengthen security (86%) and
accelerate adoption of multi-factor authentication (42%).
"The report findings make it evident that maintaining the status quo is a risky proposition all around," said Bojan Simic,
CEO and CTO of HYPR. "A passwordless approach provides a user
experience people will want to adopt and ensures the security defenses
that today's threat landscape demands. Simply put, if users won't adopt
your security controls, they are destined to fail. This report offers
insights and evidence to support organizational leaders in making the
business case to move towards phishing-resistant passwordless
authentication."
The cost of breaches to organizations is profound, with 35% suffering
reputation damage, 36% losing customers to their competition, 53%
experiencing critical data loss, and 56% facing significant financial
loss. Despite these tremendous costs, an astounding 58% of organizations
said they kept the same insecure authentication methods after facing a
breach. Legacy authentication has other material consequences. User
experience is a major pain point, as reported by 64% of IT and security
leaders, with nearly one third (31%) of organizations finding workforce
resistance towards using authentication technology. This proves that
user experience holds a role as important as security when it comes to
the adoption of strong authentication.
"It is time to take action. HYPR's research highlights the poor user
and administrator experience caused by layering increasingly complex
authentication on top of a fundamentally flawed password foundation,"
said Andrew Shikiar, Executive Director
and CMO of FIDO Alliance. "The FIDO Alliance has a vision for simpler,
stronger authentication. It begins by getting rid of passwords and
replacing them with phishing-resistant solutions that radically improve
the user experience. Universal adoption will depend on individuals
embracing this shift."
The 2023 State of Passwordless Security
report derives insights from over 1,000 IT security professionals
representing a diverse set of companies across many industries in both
the private and public sectors located in the United States, the United Kingdom, France, Germany, China, Australia, and Japan.
It sheds light on current cyberthreats and their impact on business
units, IT teams and individuals. Key research findings include:
- 60% of organizations reported authentication breaches over the last 12 months.
- Three out of the top four attack vectors are connected to authentication.
- 58% of organizations kept their insecure authentication methods following a breach.
- Authentication-related breaches cost each organization $2.95 million in the last 12 months, on average.
- Companies spent an average of $375 per employee per year in help desk costs on password-related issues.
- On average, employees navigate four different authentication methods daily.
- 81% of respondents were blocked from work-critical information due to forgetting their password.
- The term passwordless is widely misunderstood: of the organizations that state they use passwordless authentication for employees, only 3% are using phishing-resistant passwordless methods.
- 28% of organizations were hit by push notification attacks (MFA bombing), more than double the number reported in last year's study.
- The financial services and the energy and utilities sectors were the most affected by cyberattacks, experiencing a 20% higher rate of push attacks than average.
- 86% of IT/IS security decision makers believe that passwordless authentication provides the highest level of authentication security.
- 86% also believe that passwordless authentication is needed to ensure user satisfaction.
To download a copy of HYPR's 2023 State of Passwordless Security report, visit https://www.hypr.com/passwordless-security-report.