Nov 17, 2023

Businesses that eliminate passwords experience better outcomes November 17, 2023 Research finds organizations using passwordless technologies experience the fewest phishing attacks, are more productive and achieve greater levels of employee satisfaction HYPR, The Identity Assurance Company, and Yubico (NASDAQ: YUBICO), the leading provider of hardware authentication security keys, have published a new study on challenges, perceptions and outcomes in the usage of password and passwordless authentication technologies. The report, titled “Transcending Passwords: The Next Generation of Authentication” exposes the profound business impact of authentication practices, with consequences for security, productivity and employee retention. Findings show that organizations that employ FIDO-based passwordless authentication technologies are least likely to be victims of phishing attacks, cut authentication times by 75%, and measurably reduced their IT service desk burden. The study, based on a commissioned survey of 312 cybersecurity IT leaders and end users conducted by Enterprise Management Associates (EMA), reveals the strain that insecure and cumbersome authentication processes place on organizations, as well as their readiness to turn to passwordless solutions. “Our independent and objective research findings confirm that we have reached an inflection point in authentication solutions driven by broad recognition that reliance on traditional passwords is no longer sustainable,” noted Chris Steffen, vice president of research at EMA. “It is an honor to have our comprehensive evaluation sponsored by two of the leading voices responsible for redefining how we think of and define identity security.” The vast majority of surveyed businesses (82%) reported breaches, including compromised credentials and successful phishing attacks. Employee behavior likely played a role as 68% of respondents admit to violating corporate password policies. Organizations must be careful, however, in turning to security controls that introduce friction — 65% of users say they would be motivated to change employers if presented with high-friction authentication processes. Notably, the majority of IT managers recognize that the adoption of passwordless authentication will prevent most, or all, security breaches and those that have adopted FIDO-based technologies report the highest satisfaction rates with authentication processes. “This new data highlights that there is broad consensus that passwordless authentication, specifically FIDO-based technologies, are the way forward,” Bojan Simic, CEO of HYPR. “Phishing-resistant passwordless solutions cut off the most common avenues of attack while providing a user experience people want to use.” Key findings from the study include: 91% of workers still rely on passwords as a primary form of authentication. On average, business users authenticate ten times each day to access the business applications, data, and IT services they require to perform job tasks. On average, business users take four times longer to authenticate with a traditional password and an OTP verifier than with FIDO-based authenticators (mobile or security key). Businesses that have adopted FIDO-based technologies reported the highest satisfaction rates with their authentication processes 82% of surveyed businesses reported IT security breaches occurred in their organizations in the last year, including compromised credentials and successful phishing attacks Organizations using FIDO-based mobile authenticators or security keys as a primary authenticator were least likely to have been victims of a phishing attack 100% of business that have adopted FIDO standards reported significant quantifiable improvements, including increased security effectiveness, reduced help desk tickets, reduced password resets and improved user experiences “Organizations want to move to passwordless, phishing-resistant authentication; it’s a matter of charting their course to get there,” said Josh Cigna, solutions architect at Yubico. “That’s where our partnership with HYPR comes in. Through our joint Yubico-HYPR solution, organizations can easily deploy both hardware and software FIDO authenticators, giving them flexibility and choice across the enterprise.” EMA will be discussing the study results and implications in a webinar on November 16, 11 AM PT | 2 PM ET. Register here» To read the full report, please visit: https://www.hypr.com/resources/report-ema-transcending-passwords A blog post with additional context on the study can be found here. Learn more about the HYPR | Yubico passwordless authentication solution: yubi.co/HYPR