Study: Businesses That Eliminate Passwords Report Better Business and Security Outcomes

Ryan Schin

Ryan Schin

5 minute read

Research finds organizations using passwordless technologies experience the fewest phishing attacks, are more productive and achieve greater levels of employee satisfaction  

NEW YORK CITY and STOCKHOLM, SWEDEN – November 16, 2023 – HYPR, The Identity Assurance Company, and Yubico (NASDAQ: YUBICO), the leading provider of hardware authentication security keys, have published a new study on challenges, perceptions and outcomes in the usage of password and passwordless authentication technologies. The report, titled “Transcending Passwords: The Next Generation of Authentication” exposes the profound business impact of authentication practices, with consequences for security, productivity and employee retention. Findings show that organizations that employ FIDO-based passwordless authentication technologies are least likely to be victims of phishing attacks, cut authentication times by 75%, and measurably reduced their IT service desk burden. 

The study, based on a commissioned survey of 312 cybersecurity IT leaders and end users conducted by Enterprise Management Associates (EMA), reveals the strain that insecure and cumbersome authentication processes place on organizations, as well as their readiness to turn to passwordless solutions. 

“Our independent and objective research findings confirm that we have reached an inflection point in authentication solutions driven by broad recognition that reliance on traditional passwords is no longer sustainable,” noted Chris Steffen, vice president of research at EMA. “It is an honor to have our comprehensive evaluation sponsored by two of the leading voices responsible for redefining how we think of and define identity security.”

The vast majority of surveyed businesses (82%) reported breaches, including compromised credentials and successful phishing attacks. Employee behavior likely played a role as 68% of respondents admit to violating corporate password policies. Organizations must be careful, however, in turning to security controls that introduce friction — 65% of users say they would be motivated to change employers if presented with high-friction authentication processes.

Notably, the majority of IT managers recognize that the adoption of passwordless authentication will prevent most, or all, security breaches and those that have adopted FIDO-based technologies report the highest satisfaction rates with authentication processes.

“This new data highlights that there is broad consensus that passwordless authentication, specifically FIDO-based technologies, are the way forward,” Bojan Simic, CEO of HYPR. “Phishing-resistant passwordless solutions cut off the most common avenues of attack while providing a user experience people want to use.”

Key findings from the study include:

  • 91% of workers still rely on passwords as a primary form of authentication.
  • On average, business users authenticate ten times each day to access the business applications, data, and IT services they require to perform job tasks.
  • On average, business users take four times longer to authenticate with a traditional password and an OTP verifier than with FIDO-based authenticators (mobile or security key).
  • Businesses that have adopted FIDO-based technologies reported the highest satisfaction rates with their authentication processes
  • 82% of surveyed businesses reported IT security breaches occurred in their organizations in the last year, including compromised credentials and successful phishing attacks
  • Organizations using FIDO-based mobile authenticators or security keys as a primary authenticator were least likely to have been victims of a phishing attack
  • 100% of business that have adopted FIDO standards reported significant quantifiable improvements, including increased security effectiveness, reduced help desk tickets, reduced password resets and improved user experiences

“Organizations want to move to passwordless, phishing-resistant authentication; it’s a matter of charting their course to get there,” said Josh Cigna, solutions architect at Yubico. “That’s where our partnership with HYPR comes in. Through our joint Yubico-HYPR solution,  organizations can easily deploy both hardware and software FIDO authenticators, giving them flexibility and choice across the enterprise.”  

EMA will be discussing the study results and implications in a webinar on November 16, 11 AM PT | 2 PM ET. Register here»

To read the full report, please visit: https://www.hypr.com/resources/report-ema-transcending-passwords 

A blog post with additional context on the study can be found here.

Learn more about the HYPR | Yubico passwordless authentication solution:

About Yubico

Yubico (Nasdaq First North Growth Market Stockholm: YUBICO) is the inventor of the YubiKey, a hardware security key that is the gold standard in phishing-resistant multi-factor authentication (MFA). Yubico’s solutions offer organizations and users deployment expertise and operational flexibility as YubiKeys work across hundreds of consumer and enterprise applications and services.

Yubico is a creator and core contributor to the FIDO2/passkey, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering modern, hardware-based passkey authentication security at scale to customers in over 160 countries. For more information, please visit: www.yubico.com.

About HYPR

HYPR, the Identity Assurance Company, helps organizations create trust in the identity lifecycle.  The HYPR solution provides the strongest end-to-end identity security, combining modern passwordless authentication with adaptive risk mitigation, automated identity verification and a simple, intuitive user experience. With a third-party validated ROI of 324%, HYPR easily integrates with existing identity and security tools and can be rapidly deployed at scale in the most complex environments. Additional information is available at hypr.com.

Media:

Fabienne Dawson

fabienne@hypr.com 

917.374.6860

Yubico Communications Team

press@yubico.com

Share this article:
  • Building cyber resilience with Yubico and MicrosoftIn today’s digital landscape, cyber threats are evolving at an unprecedented pace: every second, a phishing attack takes place. In fact, over 80% of these attacks are the result of stolen login credentials and almost 70% of phishing attacks relied on AI last year alone. Recent data from Microsoft Entra also reveals a staggering increase […]Read moreMFA mandatesMicrosoft
  • Yubico’s commitment to innovation: Phishing-resistance as a cornerstone for cyber resilienceAs phishing attacks have reached an unprecedented level of frequency and sophistication, enterprises must prioritize authentication that is phishing-resistant – regardless of the business scenario, platform or device users are working with. This is why Yubico prioritizes consistent product innovations that deliver on our customer’s needs for modern, phishing-resistant authentication solutions that enable businesses to […]Read more
  • CEO Corner: Wrapping up a strong year, and looking ahead to 2025 and beyondIt’s no secret that 2024 was a big year of growth for Yubico, highlighted across many notable achievements by our team and increasing demand from our customers. As discussed in my previous post, following a transformative year driven by key cybersecurity trends like passkeys and AI, the year culminated in the significant step of Yubico […]Read moreCEOEarningsMattias Danielsson
  • The rise of AI-driven phishing attacks: What to know and how to be secureAs businesses continue learning the benefits that artificial intelligence (AI) assisted computing tools provide, we’re continuing to see rapid interest and adoption of the technology – especially within the enterprise. Most conversations up until recently have revolved around ChatGPT, but now another new AI-powered large language model tool – DeepSeek – is creating a lot […]Read more