New research shows organizations using passwordless technologies experience the fewest phishing attacks, are more productive and achieve greater levels of employee satisfaction.

HYPR and Yubico, have published a new study on challenges, perceptions and outcomes in the usage of password and passwordless authentication technologies. The report, “Transcending Passwords: The Next Generation of Authentication” exposes the business impact of authentication practices, with consequences for security, productivity and employee retention. Findings show that organizations that employ FIDO-based passwordless authentication technologies are least likely to be victims of phishing attacks, cut authentication times by 75% and measurably reduced their IT service desk burden. 

The study, based on a commissioned survey of 312 cybersecurity IT leaders and end users conducted by Enterprise Management Associates (EMA), reveals the strain that insecure and cumbersome authentication processes place on organizations, as well as their readiness to turn to passwordless solutions. 

Eighty-two percent of  surveyed businesses reported breaches, including compromised credentials and successful phishing attacks. Employee behavior likely played a role as 68% of respondents admit to violating corporate password policies. Organizations must be careful, however, in turning to security controls that introduce friction — 65% of users say they would be motivated to change employers if presented with high-friction authentication processes.

Key report highlights

  • 91% of workers still rely on passwords as a primary form of authentication.
  • On average, business users authenticate 10 times each day to access the business applications, data and IT services they require to perform job tasks.
  • On average, business users take four times longer to authenticate with a traditional password and an OTP verifier than with FIDO-based authenticators (mobile or security key).
  • Businesses that have adopted FIDO-based technologies reported the highest satisfaction rates with their authentication processes
  • 82% of surveyed businesses reported IT security breaches occurred in their organizations in the last year, including compromised credentials and successful phishing attacks
  • Organizations using FIDO-based mobile authenticators or security keys as a primary authenticator were least likely to have been victims of a phishing attack
  • 100% of business that have adopted FIDO standards reported significant quantifiable improvements, including increased security effectiveness, reduced help desk tickets, reduced password resets and improved user experiences