State of Global Authentic(age)ion: A look at cybersecurity habits by generations

No generations were left untouched when it came to the threat of hackers in 2024: from the impact of political shakeups, to increasingly sophisticated cyber attacks targeting consumers, critical industries and infrastructures, the world was on high alert. Fueled by a dramatic increase in phishing attacks circumventing certain forms of legacy multi-factor authentication (MFA), as well as a rise in AI-driven cyber threats, bad actors were on the attack in record numbers. 

As we kick off 2025 with a continuously evolving threat landscape, it’s more important than ever to rethink security practices and how to create a holistic, proactive approach to cybersecurity hygiene across personal life and the workplace. Having an accurate view of the impact of cybersecurity – both positive as well as what can be improved upon – is an invaluable asset to improving security postures. Yubico was able to do just that last year: our 2024 State of Global Authentication survey captured a snapshot of the current state of cybersecurity – including how individuals and businesses around the world are tackling authentication and the increasing risks of technologies like AI on cybersecurity efforts globally. 

To get a better understanding of the results, we dove deeper into the differences (and similarities) of generations and the ages of respondents. With the survey highlighting overarching trends globally, the extended breakdown is a unique look at how generations differ in terms of their cybersecurity habits. For example, the results show clear differences in the habits of Gen Z compared to other generations – including how Gen Z is more aware of hacks impacting their daily lives, which is making them more conscious of their cybersecurity habits. Key global findings between generations include:

  • Nearly half of Gen Z (47%) and Millennials (46%) have had their social media account passwords hacked
  • Gen Z and Millennials lead in hardware security key usage, relying less on passwords than other generations 
  • Generations agree: 42% question whether organizations are doing enough to protect their data
  • Gen Z most concerned about AI’s role in cyberattacks, with 73% noting sophisticated scams
  • Gen Z is almost 20% more likely to use MFA than Baby Boomers and Gen X
  • Almost 50% of Baby Boomers believe usernames and passwords is an effective cybersecurity method – compared to 35% for Gen Z

Ronnie Manning, Yubico’s chief brand advocate, found the survey particularly interesting in relation to changing habits around cybersecurity regardless of age: “Beliefs around cybersecurity by all generations are changing globally, and this is reflected by key trends like reliance on traditional usernames and passwords as the primary form of authentication going down and the use of of modern MFA tools like hardware security keys trending up. 

Our results clearly show Gen Z is the most concerned with their cybersecurity, but we’re still seeing security become increasingly important for all demographics as cyber attacks like phishing continue being headline news. This includes using MFA beyond their work lives and into their personal lives as well, and becoming more educated around the use of modern MFA like passkeys in general.

With these generational breakdowns providing further insights to individual trends and approaches to cybersecurity globally, it’s important to understand the risks and how to stay secure from increasingly sophisticated cyber attacks like phishing. Not only does this mean becoming more educated on cybersecurity tools available, but reaching out to an employer or favorite businesses to ask them to add support for more secure authentication solutions like passkeys. Derek Hanson, VP of standards and alliances at Yubico, detailed some some tips for individuals to keep in mind in 2025:

  1. Check all of your frequently used online accounts and wherever possible, enable those accounts to use MFA to make it harder for phishing attacks to succeed. A hardware security key like a YubiKey, the gold standard for phishing-resistant MFA, works across hundreds of applications and services, providing strong security across multiple accounts.
  2. Be vigilant: Always check the email sender address to confirm if it is coming from the respective business or entity they are claiming to be from. If you receive a suspicious email or text message and are still unsure if it is legitimate, directly contact the organization to confirm that the claims or statements are accurate.
  3. Ensure you’re using a password manager

For more information on the survey findings breaking down demographics, check out our infographic below and here. You can also visit a breakdown of the full survey results here, in a Q&A here with Yubico’s Derek Hanson, as well as in our webinar.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day