Laura Hyde
Phishing-resistant authentication will surpass passwords and standard multi-factor authentication tools within two years, according to identity assurance company HYPR’s State of Passwordless Identity Assurance Report.
For the first time in the report’s five-year history, implementation of passwordless and FIDO-based authentication methods is on the rise, with 46 per cent of respondents utilising these solutions.
The report, which was commissioned by HYPR and conducted by S&P Global Market Intelligence 451 Research, draws on insights from 750 IT security decision-makers across various industries and regions. It highlights the risks associated with outdated authentication methods and the rise of new generative AI-related attacks.
According to the report, 49 per cent of the 750 firms surveyed were breached in 2024, with 87 per cent due to identity vulnerabilities. These were primarily driven by credential misuse (47 per cent) and privilege access abuse (41 per cent).
The average loss per incident was $2.5 million, which forced organisations to reduce staff headcount, demote executives and downsize the frontline workforce.
Sixty per cent of IT decision-makers named generative AI as a major concern, with 40 per cent of those organisations surveyed suffering a generative AI attack in 2024, 95 per cent of which were identified as deepfake identity fraud. This included altered static imagery (50 per cent) and manipulated live (44 per cent) and recorded (41 per cent) audio/video.
The report goes on to describe the increased adoption of phishing-resistant authentication, such as FIDO passkeys and hardware keys, as a “paradigm shift” in cybersecurity. This is further validated by the FIDO Alliance's recent survey results, which revealed that 87 per cent of organisations have successfully deployed, or are deploying, passkeys.
“We are in the midst of ‘The Identity Renaissance’, a period of profound transformation,” said Bojan Simic, CEO of HYPR. “Our report serves as a clarion call, exposing the vulnerabilities of outdated authentication methods and the urgent need for change. But amidst this challenge, there’s a powerful wave of innovation. Phishing-resistant authentication, led by FIDO passkeys, is poised to redefine how we secure digital identities, not just by replacing passwords, but by fundamentally shifting our approach to managing and verifying identities.”
Garrett Bekker, principal research analyst at S&P Global Market Intelligence 451 Research, agrees that the report highlights a “key moment” in identity security and that organisations need to act now, rather than post-breach.
“While the surge in GenAI-fuelled attacks and the persistence of traditional vulnerabilities underscore the need for change, the anticipated dominance of phishing-resistant authentication by 2027 offers a clear, strategic path forward,” he said. “Organisations must now prioritise the deployment of phishing-resistant authentication such as FIDO passkeys and other modern identity verification tools, not as a future aspiration, but as a core component of their immediate risk mitigation strategy. Failure to do so will leave them exposed to escalating threats and undermine their ability to compete in an increasingly digital-first economy.”