Skip navigation

The 2021 Duo Trusted Access Report

The Road to Passwordless

Thanks to the remote work revolution, the future of security will be more efficient, effective and user-friendly — and maybe even password-free. Find these insights and more in Duo’s 2021 Trusted Access Report.

Get The Full Report

Introduction

The landscape of authentication is clearly changing. Just a few years ago, security experts started preaching a risk-based access model — evaluating users, their devices and the applications they access to determine a login’s legitimacy. The corporate network wasn’t the ultimate source of security anymore. Instead, risk could be managed using stronger security controls — like multi-factor authentication (MFA)

Now, with the concept of deperimeterization firmly established, access security is building on the foundation of MFA. IT professionals are realizing that security adoption is as important as the technology itself — and that forgoing passwords is a major usability improvement. It is also clear that remote work is here to stay, and access security must

respond to new and evolving use cases. In the face of so much change, it’s more important than ever that organizations have a streamlined, effective security stack that runs like clockwork.

In this report, we’ll examine these industry shifts, and look at how Duo’s customers are adapting to a more nuanced security landscape.

95
Did you know?

In a Thales study of over 300 IT professionals, 95% had implemented MFA to control access to some resources.

2020 Thales Access Management Index - United States & Brazil Edition

Report Overview

Trends in how organizations use Duo show that:

User Experience Matters

More than ever, organizations are realizing that usability is security.

Security's Reach is Growing

Access security has become all but mandatory over the past few years.

Organizations are Simplifying

Existing security workflows are becoming more streamlined.

Methodology

For this report, Duo’s Data Science team analyzed data from more than 36 million devices, more than 400 thousand unique applications and roughly 800 million monthly authentications from across our customer base, spanning North America, Latin America, Europe and the Middle East and Asia-Pacific.

Report Highlights

5x increase in Webauthn usage since April 2019

Biometrics enabled on 71% of active customer phones

Duo Push most popular authentication method at 30% of total auths

Of customers using location policies, 74% block Russia and China

15% of authentications are to cloud apps, up from 13% last year

User Experience Matters

More than ever, organizations are realizing that usability is security. Security workflows that are easy to navigate are more likely to be adopted and less likely to be circumvented, so the value of a well-designed interface can’t be underestimated. 

The emphasis on experience is evident in Duo’s authentication data — we’ve seen utilization of user-friendly authentication methods like biometrics, WebAuthn and Duo Push increase significantly since 2019.

Duo MFA Methods, Year Over Year

See how usage of Duo's available authentication methods has changed year over year since 2019. Toggle methods on and off to filter your comparison.

Apr '19Jul '19Oct '19Jan '20Apr '20Jul '20Oct '20Jan '21Apr '210%50%100%150%200%250%300%Method Key:BiometricBypass 2FAHardtokenOtherOTPPhone & SMSPushWebAuthn/U2F Apr '19Jul '19Oct '19Jan '20Apr '20Jul '20Oct '20Jan '21Apr '210%50%100%150%200%250%300%Method Key:BiometricBypass 2FAHardtokenOtherOTPPhone & SMSPushWebAuthn/U2F

Looks Like You Have Javascript Disabled

This content is animated. To view it, please enable Javascript in your browser (you’ll be glad you did, trust us!).

Saying Goodbye to Passwords

Organizations are showing movement away from passwords, which would significantly improve the login experience for many users. Cisco recently surveyed technical decision-makers from around the world and found that over 50% were considering

a passwordless solution. When asked to choose their top criteria, decision-makers consistently identified improving the overall security of their company and improving the experience of the end users as most important.

Adopting a Passwordless Solution

See what's most important in a passwordless solution, and toggle between the answer choices to explore how each country surveyed responded.

0255075100JapanUnited KingdomNetherlandsFranceGermanyAustraliaUnited StatesSingaporeIndiaUnited Arab Emirates22%33%33%35%38%40%40%44%58%58%Latest TechLeadership PressureImproved SecurityUser Experience 0255075100JapanUnited KingdomNetherlandsFranceGermanyAustraliaUnited StatesSingaporeIndiaUnited Arab Emirates22%33%33%35%38%40%40%44%58%58%LatestTechLeadershipPressureImprovedSecurityUserExperience

Looks Like You Have Javascript Disabled

This content is animated. To view it, please enable Javascript in your browser (you’ll be glad you did, trust us!).

  • To learn more about passwordless authentication trends and user experience in security, get the full report.

Expanding Security’s Reach

Over the past few years, access security has become all but mandatory. Many companies now see MFA as a baseline essential in their security strategies, and its appeal continues to grow — the MFA market is projected to reach $23.5 billion by 2026

It’s no surprise, then, that we see Duo usage expanding as well. Duo customers are protecting more applications, enrolling more devices and performing more authentications than ever before.

Application Coverage Expanding

Cloud and Remote Access apps are leading the way.

  • Cloud Apps: 6% expansion in the proportion of applications
  • Remote Access: 4% expansion in the proportion of applications


Encryption Increased Dramatically

  • In 2020, 74% of devices with the Duo Endpoint Health application had encryption turned on
  • In 2021, that number jumped to 90%

Authentications Are Up 

The top 5 countries where auth volume increased:

  • United States up 56%
  • India up 110%
  • Canada up 194%
  • United Kingdom up 86%
  • Japan up 25%


SSO Usage on the Rise

  • Authentications to SSO applications increased 67% to 24.8% of all authentications

Streamlining Security Strategies

With security coverage well established, companies can focus on streamlining their ecosystems, reducing total cost of ownership and eliminating technical debt. Organizations no longer need a different security solution for each use case; now, companies can cover many requirements with adaptive access policies

Duo’s policy engine can meet critical, sometimes niche needs — like checking devices for compliance at every login, securing data more heavily than less critical applications and allowing users to access corporate networks remotely under the right conditions. Over the past year, we found that policy configuration blocked 7.6% of authentications overall.

Policy-Based Authentication Failures

We dug into policy data to find out what commonly causes users' authentications to fail. Compare how the causes break down by percentage between 2020 and 2021.

Invalid deviceNo disk encryptionNo screen lockOut of dateVersion restricted0.000.010.020.030.040.050.060.070.080.090.100.110.1220202021Device-Related FailuresUser-Related Failures InvaliddeviceNodiskencryptionNoscreenlockOutofdateVersionrestricted0.000.010.020.030.040.050.060.070.080.090.100.110.1220202021Device-Related FailuresUser-Related Failures

Looks Like You Have Javascript Disabled

This content is animated. To view it, please enable Javascript in your browser (you’ll be glad you did, trust us!).

  • To learn more about how security is becoming simpler and more streamlined, get the full report.

The 2021 Duo Trusted Access Report

In this report, you'll learn:

  • Which industries are embracing a passwordless authentication experience
  • How companies are using policies to secure diverse access use cases
  • Which devices and OS’s are most commonly used, and how companies are securing them
  • How application coverage has grown and changed with the remote work revolution
  • And much more!