HYPR and Vanson Bourne have released the 2023 State of Passwordless Security Report, which reveals that insecure authentication is a primary cause of cyber breaches. Cumbersome login methods also take an unacceptable toll on employees and business productivity. Respondents indicate that a passwordless approach would increase productivity, improve user experience, strengthen security, and accelerate the adoption of multi-factor authentication.
The cost of breaches to organizations is profound, with many experiencing reputation damage, loss of customers to competitors, critical data loss, and significant financial loss. Despite these costs, 58% of organizations kept the same insecure authentication methods after facing a breach. User experience is a major pain point: the workforce resists using authentication technology, and legacy authentication has other material consequences.
The report derives insights from over 1,000 IT security professionals representing a diverse set of companies across many industries in the United States, the United Kingdom, France, Germany, China, Australia, and Japan. It sheds light on current cyberthreats and their impact on business units, IT teams, and individuals. Key research findings include that 60% of organizations reported authentication breaches over the last 12 months, and three out of the top four attack vectors are connected to authentication.
Companies spent an average of $375 per employee per year in help desk costs on password-related issues. On average, employees navigate four different authentication methods daily, and 81% of respondents were blocked from work-critical information due to forgetting their password. Only 3% of organizations that state they use passwordless authentication for employees are using phishing-resistant passwordless methods.
28% of organizations were hit by push notification attacks (MFA bombing), more than double the number reported in last year's study. The financial services and energy and utilities sectors were the most affected by cyberattacks, experiencing a 20% higher rate of push attacks than average. 86% of IT/IS security decision-makers believe that passwordless authentication provides the highest level of authentication security, and 86% also believe that passwordless authentication is needed to ensure user satisfaction.
The report emphasizes that maintaining the status quo is a risky proposition, and a passwordless approach provides a user experience people will want to adopt while ensuring the security defenses that today's threat landscape demands. The FIDO Alliance has a vision for simpler, stronger authentication that begins by getting rid of passwords and replacing them with phishing-resistant solutions that radically improve the user experience.