Yubico releases 2020 State of Password and Authentication Security Behaviors report

Today, Yubico released its second annual State of Password and Authentication Security Behaviors Report, conducted by Ponemon Institute. The study surveyed 2,507 IT security practitioners in Australia, France, Germany, Sweden, United Kingdom, and United States, as well as 563 individual users.

Last year’s report strictly focused on IT security professionals and their password and authentication behaviors and beliefs, so in this year’s report we were curious to see if any of these habits improved. Additionally, we wanted to see how their security practices or preferences compared to the individual users — employees and customers — that IT professionals are serving.

Ultimately, we discovered that both IT practitioners and individuals are engaging in risky security practices. Password problems continue to prevail, two-factor authentication (2FA) lacks adoption, and mobile use introduces a new set of security challenges and complexities.

What’s also interesting about this year’s report is that we can see the gaps between the solutions and technologies that IT security respondents are implementing, and the preferences from individual users.

These findings underscore the need for easy-to-use and highly secure solutions for IT professionals and individual users to reach a safer future together. The good news is that we are well on our way with the growing adoption of FIDO and WebAuthn open standards. Today, WebAuthn is supported in all major platforms and browsers, bringing the benefits of security keys and the promise of passwordless login to millions around the world — two solutions that both IT and individual respondents rated as desirable.

See our infographic below for a high-level view of some of the most salient findings.

To download the full research report and infographic, please visit yubico.com/authentication-report-2020. To learn more about cybersecurity trends on the path to digital transformation, sign up for the upcoming Yubico webinar on March 18 at 10 a.m. PST.

Ponemon report infographic

Talk to our teamTalk to our team

Share this article:


  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST