MFA use nearly doubled since 2020


Okta, Inc. released its international Secure Sign-In Trends Report analyzing billions of monthly workforce customer logins to Okta Workforce Identity Cloud across more than 16 industries around the world. It revealed that the use of multi-factor authentication (MFA) has nearly doubled since 2020 and that phishing-resistant authenticators represent the best choice in terms of security and convenience for users.

The top takeaways include:

  • 90% of Okta administrators and 64% of users signed in using MFA during the month of January 2023.
  • Sign-in methods that offer the highest phishing resistance (Okta FastPass and FIDO2 WebAuthn) also prove to offer the fastest, most reliable user experience.
  • The technology industry is best placed to move to a passwordless future, with 87% of account logins already using MFA. Insurance (77%), Professional Services (75%), Construction (74%), and Media & Communications (72%) round out the top five industry adopters. Surprisingly, highly regulated industries tend to lag behind.
  • MFA adoption by Okta’s workforce customers jumped from 35% to 50% in two months between February and March 2020.
  • Organizations with fewer than 300 employees (79%) exceed the MFA use of enterprises with more than 20,000 employees (54%).

MFA adds an extra layer of security on top of credentials like passwords, which are highly susceptible to abuse. More than 80 percent of Business Web Application Attacks and nearly half of all business email compromise attacks result from stolen usernames and passwords. MFA provides greater certainty that a user is who they claim to be before granting access to an application or online account. It verifies identities by asking users to provide different types of information, or factors, to gain access to an account or application.

However, an increase in sophisticated MFA bypass attacks is prompting organizations to evaluate the need for phishing-resistant authentication flows.

According to the report, the use of phishing-resistant authentication offers the optimal mix of security and user experience. While it’s frequently assumed that technology decision-makers must “trade off” security for user experience, Okta’s research finds that on average, signing in with passwordless, phishing-resistant authenticators saves time and is less prone to failure when compared to using passwords.