Use of multi-factor authentication (MFA) has nearly doubled since 2020, and phishing-resistant authenticators represent the best choice in terms of security and convenience for users, according to the Secure Sign-In Trends Report from Okta.
The report analysed billions of monthly workforce customer logins to Okta Workforce Identity Cloud across more than 16 industries worldwide.
"Okta is advancing our customers' zero trust security strategies by helping them adopt innovations like phishing-resistant MFA and passwordless," says Todd McKinnon, co-founder and CEO of Okta.
"By sharing data on our customers' adoption of these critical technologies, we can drive greater progress with governments, our partners, and our customers."
Last month, on Password Day, Okta called on businesses to sign the Okta Passwordless Pledge. Okta is calling on every company that makes or uses software to start its own passwordless journey and reduce its reliance on passwords for new applications by the end of 2025.
According to Okta, passwords are a headache for consumers and businesses and are often one of the weakest links in an organisation's cybersecurity defences.
"With 80% of web application breaches caused by compromised credentials and phishing attacks on the rise, it's time for passwords to end," the company says.
"Passwordless technology is faster, more secure, and less hassle. Companies can start today by exploring passwordless authentication methods and not requiring passwords for new applications."
The top takeaways from the report include:
- 90% of Okta administrators and 64% of users signed in using MFA during January 2023.
- Sign-in methods offering the highest phishing resistance (Okta FastPass and FIDO2 WebAuthn) also provide the fastest, most reliable user experience.
- The technology industry is best placed to move to a passwordless future, with 87% of account logins already using MFA.
- Insurance (77%), Professional Services (75%), Construction (74%), and Media & Communications (72%) round out the top five industry adopters. Surprisingly, highly regulated industries tend to lag.
- MFA adoption by Okta's workforce customers jumped from 35% to 50% in two months between February and March 2020. Organisations with fewer than 300 employees (79%) exceed the MFA use of enterprises with more than 20,000 employees (54%).
MFA adds an extra layer of security on top of credentials like passwords, which are highly susceptible to abuse.
More than 80 per cent of Business Web Application Attacks and nearly half of all business email compromise attacks result from stolen usernames and passwords.
MFA provides greater certainty that a user is who they claim to be before granting access to an application or online account. MFA verifies identities by asking users to provide different types of information or factors to gain access to an account or application. However, increasingly sophisticated MFA bypass attacks are prompting organisations to evaluate the need for phishing-resistant authentication flows.
According to the report, phishing-resistant authentication such as Okta FastPass or FIDO2 WebAuthn offers the optimal mix of security and user experience. While it's frequently assumed that technology decision-makers must "trade off" security for user experience, Okta's research finds that, on average, signing in with passwordless, phishing-resistant authenticators saves time and is less prone to failure when compared to using passwords.