The long-standing, oft-deferred security threat posed by password-based authentication is now front and center. Some of the most damaging cyberattacks in the past year were caused or enabled by weak password protection. For example, the Colonial Pipeline breach that shut down fuel supply operations to the eastern United States was traced to a single compromised password.

This untenable risk, along with growing regulatory pressures such as the the 2021 Executive Order on Cybersecurity’s Zero Trust mandate, are prompting more organizations to turn to passwordless options. There’s growing recognition that passwordless security approaches can provide significantly better protection and user experience as well as cost savings.

To further clarify the state and direction of passwordless authentication, we conducted our second annual survey among IT and security professionals across the globe.

The data we collected reveals several significant trends:

• Traditional multi-factor authentication (MFA) methods are increasingly under attack. These include Remote Desktop Protocol (RDP) attacks, account takeover (ATO) fraud, phishing, man-in-the-middle (MitM) attacks, credential stuffing and push attacks.

• Remote work continues to be the main driver for passwordless authentication, especially against the backdrop of the significant increase in phishing attacks in recent years.

• Organizations face serious security gaps due to insecure authentication methods based on secret-sharing.

• A decoupled, standards-based approach that provides interoperability helps organizations reduce complexity and is key to future passwordless adoption at scale.

We hope you find this report informative and helpful as you continue your efforts in protecting your IT environments against cyberthreats.