FB pixel

Hypr passwordless report uncovers pervasive insecure authentication practices

Hypr passwordless report uncovers pervasive insecure authentication practices
 

Passwordless security is still a relatively new approach to user authentication in the workplace despite a decade of identity standards work by the FIDO Alliance and W3C to democratize these capacities. In the third-annual State of Passwordless Security Report published by Hypr there are several key findings that uncover just how pervasive insecure authentication practices are among organizations.

While passwordless adoption is on the rise, so are phishing attacks. For example, 97 percent of organizations that use passwordless authentication for employees (n=271) are using phishable methods, and 28 percent of organizations (n=1000) experienced push notification phishing attacks, which more than doubled the number in the prior years’ report.

Perhaps worse is that organizations indicate, on average, that four different systems of authentication are used by employees daily and the majority rely on passwords, password managers, and phishable multi-factor authentication (MFA) methods. And nearly all organization — 97 percent allow at least a portion of their employees to access their company computers with only a username and password. Yet, 87 percent of these same IT and security leaders consider their organization’s existing approach to authentication to be completely or mostly secure.

As the report outlines, this conundrum appears to be rooted in the fact that 65 percent of those surveyed were unable to identify the difference between phishable versus phishing-resistant MFA. Phishing-resistant multi-factor authentication is based on public-key cryptography and uses secure, on-device factors to verify identity. It does not use any type of credential that could be phished or intercepted by attackers including passwords, one-time passcodes (OTP), SMS messages, push notifications, phone calls, and knowledge-based security questions.

It is clear from the survey results and findings that more education is needed around phishing-resistant MFA but that alone will not solve the primary issue in the workplace that starts with the operating system and device makers.  The report concludes on a note about Passkeys, which replace passwords with a cryptographic key pair and on-device authentication announced by Apple, Google and Microsoft, however, for the near-term Passkeys still lack the critical administration, configuration, policies, and management capabilities for deployment in the workplace.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics and injection detection for deepfake defense a rising priority

Biometrics integrations with injection attack detection to defend the latest front in the global battle against fraud, deepfakes, is the…

 

Biometric Update Podcast looks at the road to a global standard for age assurance

Episode 2 of the Biometric Update Podcast is a dispatch from the 2025 Global Age Assurance Standards Summit, held from…

 

WEF launches new DPI initiative focused on emerging tech, including biometrics

Global Digital Public Infrastructure (DPI) initiatives are lagging behind emerging technologies such as AI, which could lead to inefficiencies, bottlenecks…

 

Odds are good for biometrics firms in the global gambling sector

Gambling has always been a vice associated with certain kinds of criminal activity, but the development of the online gambling…

 

New Zealand issues tender for digital ID services accreditation infrastructure

New Zealand’s accredited digital identity services regulator, the Trust Framework Authority (TFA), has published a request for information (RFI) for…

 

Pindrop surpasses $100M in annual recurring revenue, kicks off BU podcast

A release from Atlanta-based voice biometrics firm Pindrop celebrates a milestone: the firm has surpassed US$100 million in Annual Recurring…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events