MENLO PARK, Calif.–(BUSINESS WIRE)–Secret Double Octopus (SDO), in partnership with Dimensional Research, announced today the results of their global annual study focusing on the state of workforce passwordless authentication and multi-factor authentication (MFA) usage generally. The companies surveyed over 300 IT professionals with responsibility for workforce identities and their security at organizations with more than 1,000 employees.
The survey isolated perceptions and adoption of newer FIDO2-certified enterprise passwordless solutions, and segregated the impact of single sign-on portal and endpoint biometric-based “passwordless-like” experiences. Passwordless-like experiences often mimic an authentication experience where no password is utilized, but retain a password and the subsequent security risk, as well as require the password to be remembered by the end-user from time to time. FIDO2 security keys and FIDO2-compliant software solutions that leverage decentralized smartphone vaults and biometrics were defined as “next-generation passwordless” solutions.
“Workforce identity and security professionals are clear that next-gen passwordless solutions as defined in the survey have the potential to deliver stronger security outcomes than existing MFA or traditional passwordless approaches,” said Diane Hagglund, Founder and President of Dimensional Research. “This study brings clarity to confusion that exists in the market when we talk about different approaches to passwordless MFA, given that many IT professionals associate this language with a range of technologies including SSO and TouchID.”
Key survey findings included:
- Only 16% of organizations use MFA across all password logins, suggesting MFA has not reached an end-to-end universality required to completely seal off the surface area of attack.
- Just 33% indicated the use of one MFA provider, with 50% having two or three providers and 17% having four or more, suggesting IT complexity when it comes to traditional MFA.
- 70% of respondents think of single sign-on (SSO) portals when thinking of passwordless and 63% associate PC device-bound biometrics such as Windows Hello for Business as part of the passwordless trend.
- 49% indicated they are currently using a next-gen passwordless solution
- Superior end-user experience and better security coverage are the top two benefits participants felt next-gen passwordless solutions offer.
“We’re excited to really deepen the industry’s view of where newer solutions stand relative to less secure passwordless experience offerings,” said Raz Rafaeli, Founder and CEO of Secret Double Octopus. “For us, the real promise of passwordless is achieving the goal of an employee never having to set, guess or remember a password universally, across all use cases they encounter in a workday. We call this Full Passwordless and it’s a defining design goal for us.”
Recommendations for the Enterprise:
To improve security posture, organizations should:
- Become aware of the differences between “passwordless like” solutions and newer enterprise passwordless offerings that strive to reach the promise of Full Passwordless
- Avoid holes in their MFA strategy by implementing MFA, preferably passwordless MFA, across all of their resources and systems
- Evaluate next-gen passwordless MFA solutions to ameliorate MFA fatigue and lower the complexity of MFA management in their environment
A summary and detailed report of the SDO 2022 State of Workforce Passwordless Survey findings are available now. Additionally, Secret Double Octopus will host a webinar to discuss the key findings of the study on October 19th at 9am PDT. To join the event, please register here.
To read the official press release on wire, click here.