Skip navigation
Industry News

The 2022 Duo Trusted Access Report: Logins in a Dangerous Time

As global conflicts spill over into the digital realm, the idea of protecting the individual through to the enterprise has taken on a greater sense of urgency.

In the 2022 Duo Trusted Access Report: Logins in a Dangerous Time, we examine the dramatic shift beyond discussions of password complexity to those where investing in multi-factor authentication (MFA) and passwordless technology are mandatory costs of doing business. To help protect against the wide array of adversaries we face, these technologies go a very long way to helping to reduce risk for organizations.

For this report, Duo partnered with the Cyentia Institute to analyze data from more than 13 billion authentications on 49+ million devices, 490+ thousand unique applications and roughly 1.1 billion monthly authentications from across our customer base, spanning North America, Latin America, Europe and the Middle East, and Asia-Pacific.

“Strategies such as zero trust in conjunction with passwordless solutions will make great strides to improve overall security, reducing risk by way of democratization of security with a stronger focus on the user experience.” —Dave Lewis, Global Advisory CISO, Cisco Security

Five Key Findings

Here are five top trends from the 2022 Duo Trusted Access Report. Get the full report to explore all of the data.

Passwordless Adoption Continues to Rise
Our data shows a 50% increase in the percentage of accounts allowing WebAuthn authentication and a fivefold increase in WebAuthn usage since April 2019.

MFA Continues to Strengthen Passwords
Multi-factor authentication holds strong while adding to the security of only traditional password usage. The number of MFA authentications using Duo rose by 38% in the past year.

Cloud Usage Continues to Rise
An increasing number of authentications are attributed to cloud applications with a 24% rise in 2022.

Locations Blocked
Ninety-one percent of Duo customers who implement device-based policies restrict access from China or Russia, and 63% block both countries.

Push Preferred
Duo Push is the most used authentication method, accounting for 27.6% of all authentications.


The last year — even the last several months — have really rewritten the narrative for defenders around the globe. Organizations have spent considerable time and effort designing their hybrid work functions, and now they must be doubly certain that they have security resilience built into their deployments to contend with the current threat landscape as outlined by the Talos Intelligence team here at Cisco.

Lingering security debt that remains in organizations will continue to provide adversaries with targets of opportunity. Companies need to hone their craft and better focus on access control and dealing with deprecated systems that may continue to operate in their environments long past their life expectancy. Patching has been much maligned by security practitioners over the years — not because it shouldn’t be done, but rather because no one ever wants to do it. As a result, issues crop up with long-published vulnerabilities being made into exploits that realistically should not hold any sway in modern enterprises. Yet, they wait on the wire.

Making use of multi-factor authentication and / or passwordless authentication models are essential for the modern business enterprise. When we consider the tremendous amount of threat intelligence available to us as defenders from sources such as Talos, we must take advantage of this knowledge and translate it into capability to protect our environments as effectively as possible.

Try Duo For Free

With our free 30-day trial, see how easy it is to get started with Duo and secure your workforce from anywhere, on any device.