
The State of Passwordless in the Enterprise

Recently, Cisco Duo sponsored a comprehensive study on Passwordless in the Enterprise led by ESG senior analyst Jack Poller. Today we will discuss the survey makeup, review key results and explain why Duo’s Passwordless technology is well positioned to meet enterprise authentication needs highlighted in the study.

In addition to this blog post, you can find more information on the study results in:

Study Overview

For the study, ESG surveyed 377 security, IT, and application development professionals across a variety of company sizes and verticals about both workforce (internal/employee) and customer (external/client) users. The study also covered multi-factor authentication, identity protections, and the identity risks and vulnerabilities experienced.

Study Findings

We’ll focus on the workforce findings:

1. Multiple account or credential compromise is the norm

Graphic sharing a statistic from the ESG survey that reads: 76% of organizations experienced multiple account or credential compromises over the past 12 months. Organizations face a multitude of disparate attack vectors targeting both weak authentication methods and the human element. Unfortunately, organizations are failing to learn from and respond to account or credential compromise, and thus multiple incidents are the norm.

This result is surprising, but it’s not entirely new. Year after year, there are countless reports that a significant number of breaches occur due to lost or stolen credentials. Cybercriminals don’t break in, they just log in. There are a variety of reasons that credentials are a perennial attack vector. Some companies don’t have budget to implement MFA, they don’t have the skills to implement it, or the solution is too complex and it negatively affects user productivity.

The writing is certainly on the wall that username and password credentials are a menace to secure environments, and moving to strong authentication is the solution. Yet, enterprises are faced with a trade-off between enabling a great user experience and deploying strong security.

Duo does not subscribe to that choice. Founded on a world-class, design-led philosophy, Duo offers a great admin and user experience behind cutting-edge authentication security for unmatched value.

2. Workforce authentication failures are common and MFA is still not mandatory

Graphic sharing a statistic from the ESG survey that reads: 62% of organizations make MFA mandatory for their entire workforce. Friction and login failures shouldn't stop organizations from strengthening their authentication process. It's surprising that despite all the known identity risks and the protection afforded by MFA, not every organization makes MFA mandatory for their entire workforce.

Duo has always focused on meeting customers where they are. Depending on the situation, authenticator options may be limited. Therefore, Duo supports a wide variety of authentication options. However, at the same time, we also enable our customers to implement the strongest multi-factor authentication (MFA) options available in the industry.

These include Verified Duo Push with number matching, Risk-Based Authentication that steps up authentication strength based on risk signals, Trusted Endpoints to limit the scope of acceptable endpoints to known devices, and phishing-resistant factors like FIDO2 WebAuthn, which is a foundational Duo Passwordless component.

3. Two-thirds of enterprises have started their workforce passwordless journey

Graphic sharing a statistic from the ESG survey that reads: 52% of organizations say that workforce passwordless authentication has had a significant positive impact on overall cybersecurity. The workforce is inundated with complex passwords and phishable, hard-to-use MFA. In addition to increasing security, organizations eliminating passwords significantly positively impacted cyber-insurance, regulatory compliance, and IT, help desk, security, and DevOps teams.

Based on this stat, we can infer that passwordless has been beneficial to overall security efforts for most companies. Therefore, as enterprises develop plans to strengthen their security postures in the future, we can expect growth in the use of passwordless authentication.

Duo brought its Passwordless solution to market last year and has seen a steady rise in adoption and expansion from production pilots to full production in various functional groups across a broad set of verticals. Since it’s available in all product editions, all Duo customers have the capability to get started using passwordless immediately on the heels of completing their rollout plans.

4. Investment in strong authentication is growing

The top 3 “areas expected to benefit from an increase in authentication technologies over the next 12 months” include:

  • Adding or improving passwordless authentication for workforce users – 24% of enterprises

  • Adding or improving passwordless authentication for partners or suppliers – 18% of enterprises

  • Adding or improving passwordless authentication for customer users – 17% of enterprises

Duo Passwordless provides enterprises with broad options to strengthen security and improve the user experience by eliminating the use of passwords. Our Passwordless solution supports flexible authenticators including:

  • Passkeys that are single device bound or synced across multiple devices

  • Platform authenticators built into access devices

  • Security keys attached to access devices

  • Duo Push on mobile devices

With Duo Passwordless, users can log in securely with a single gesture that provides security based on “something you have” + “something you are” factors and doesn’t rely on the plagued “something you know” factor used for password-based authentication.

There’s no time like the present for starting your passwordless journey

Weak authentication with passwords and phishable MFA is putting enterprises at risk. As a result, many are making passwordless a high priority so they can benefit from the increased security and improved user experience it offers. Get more insight into key survey takeaways by reading ESG’s ebook on the state of Passwordless in the Enterprise.

Also, be sure to register for the state of Passwordless in the Enterprise webinar with Jack Poller and me on July 19th at 1:00pm EDT. Jack will discuss key results from the survey and share his extensive industry experience. I will complement his observations by highlighting why Duo is well positioned to shore up enterprise authentication needs raised in the survey, while guiding organizations on their journey to passwordless authentication.