The 2021 State of the Auth Report: 2FA Climbs, While Password Managers and Biometrics Trend
Adoption of two-factor authentication has substantially increased since we began conducting this research in 2017. However, considering only 32% of respondents report using 2FA on all applications where available, there’s still ample opportunity to improve 2FA adoption.
That Was Then, This is Now
2FA Usage Continues its Climb
Two-factor authentication has become notably more prevalent over the last two years, with 79% of respondents reporting having used it in 2021, compared to 53% in 2019 and 28% in 2017.
SMS Text Message Remains the Most Used Authentication Method
SMS (85%) continues to be the most common second factor that respondents with 2FA experience have used, slightly up from in 2019 (72%). Email is the second most common second factor (74%), with a notable increase compared to 2019 (57%).
While SMS is certainly more secure than no 2FA, there's room for improving security here. Other factors, such as push notifications and security keys, are more effective in preventing account takeovers.
2FA in the Workplace Drives Adoption
Among respondents who are currently employed, 2FA adoption is nearly 20% higher.
Of All Accounts, Users Perceive Banking as Most Important
Respondents continue to have money on their mind, with 93% considering financial accounts the most important to secure, up from 85% in 2019.
But in comparing user perception to reality, there's evidence that the impact of an email compromise is more harmful than a financial account compromise:
“Overall, email accounts are the most valuable online accounts as they are used to exchange sensitive information with banks, health services, and various online service providers. In addition, they are also often used as the recovery mechanism for other online accounts.”
—Elie Bursztein, Cybersecurity Research Lead, Google
Non-Traditional Authentication Methods Move the Needle
Two contemporary trends in primary authentication are password managers and biometrics. Password managers are a tool which securely stores a user’s existing passwords and can assist in the creation of new, more secure passwords. Instead of using something you know (username and password) as the primary factor, biometric authentication verifies identity with a user characteristic (such as a fingerprint).
In this survey, 32% of respondents report using a password manager, and 42% report using biometric authentication for at least some applications. A separate study conducted by Duo found the top two user privacy concerns about biometric authentication were attackers replicating a biometric (42%) and distrust of companies with personal biometric information (36%).