Okta has announced the release of its international Secure Sign-In Trends Report. The report, which analyzes billions of monthly workforce customer logins to Okta Workforce Identity Cloud across more than 16 industries around the world, reveals that the use of multi-factor authentication (MFA) has nearly doubled since 2020 and that phishing-resistant authenticators represent the best choice in terms of security and convenience for users.
“Okta is advancing our customers’ zero trust security strategies by helping them adopt innovations like phishing-resistant MFA and passwordless,” said Todd McKinnon, co-founder and CEO of Okta. “By sharing data on our customers’ adoption of these critical technologies, we can drive greater progress with governments, our partners, and our customers.”
The top takeaways include:
- 90% of Okta administrators and 64% of users signed in using MFA during the month of January 2023.
- Sign-in methods that offer the highest phishing resistance (Okta FastPass and FIDO2 WebAuthn) also prove to offer the fastest, most reliable user experience.
- The technology industry is best placed to move to a passwordless future, with 87% of account logins already using MFA. Insurance (77%), Professional Services (75%), Construction (74%), and Media & Communications (72%) round out the top five industry adopters. Surprisingly, highly regulated industries tend to lag behind.
- MFA adoption by Okta’s workforce customers jumped from 35% to 50% in two months between February and March 2020.
- Organizations with fewer than 300 employees (79%) exceed the MFA use of enterprises with more than 20,000 employees (54%).
MFA adds an extra layer of security on top of credentials like passwords, which are highly susceptible to abuse. More than 80 percent of Business Web Application Attacks and nearly half of all business email compromise attacks result from stolen username and passwords. MFA provides greater certainty that a user is who they claim to be before granting access to an application or online account. MFA verifies identities by asking users to provide different types of information or factors to gain access to an account or application. However, an increase in sophisticated MFA bypass attacks is prompting organizations to evaluate the need for phishing-resistant authentication flows.
According to the report, the use of phishing-resistant authentication such as Okta FastPass or FIDO2 WebAuthn offers the optimal mix of security and user experience. While it’s frequently assumed that technology decision-makers must “trade off” security for user experience, Okta’s research finds that on average, signing in with passwordless, phishing-resistant authenticators saves time and is less prone to failure when compared to using passwords.
The Secure Sign-In Trends Report was built from data of direct MFA authentication events in the Okta Workforce Identity Cloud (WIC). Analysts anonymized and aggregated data from billions of monthly authentications and veriﬁcations across countries worldwide.