Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless MoveCisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move
Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
October 15, 2021
SAN JOSE, Calif., October 14, 2021 – NASDAQ: CSCO – A new report published today from Cisco’s Duo Security, the leading multi-factor authentication (MFA) and secure access solution, confirms that enterprises are taking steps to move away from passwords and adopting low-friction authentication methods to protect the hybrid workforce. While the total number of Duo MFA authentications increased 39% in the past year, biometric authentications grew even faster at 48%.
The 2021 Duo Trusted Access Report analyzed data from more than 36 million devices, over 400,000 unique applications and roughly 800 million monthly authentications from across Duo’s global customer base. It revealed how organizations across all industries are enabling work from anywhere, on any device, by implementing controls to ensure secure access to applications.
Biometrics were enabled on more than 71% of Duo customer mobile phones, illustrating a rise in adoption driven by users’ growing acceptance of non-traditional authentication methods and the accessibility of passwordless hardware that they already carry in their pockets. Further eliminating the need for users to retain a large cache of authentication passwords, Duo also saw a fivefold increase in Web Authentication (WebAuthn) usage since April 2019 when the World Wide Web Consortium (W3C) first published the open standard. WebAuthn enables biometrics to be securely stored and validated locally on the device, as opposed to a centralized database.
Duo has been a champion of passwordless technology, driving WebAuthn’s ratification as a member of the W3C working group and launching its infrastructure agnostic passwordless authentication product in March 2021.
Moving away from passwords will significantly improve the login experience for the vast majority of users – in turn leading to stronger security. More than half of organizations are planning to implement a passwordless strategy, according to the new survey of global IT decision makers conducted as part of the Trusted Access Report. Forty-six percent of respondents said security issues related to compromised credentials are the most frustrating or concerning aspect of dealing with passwords in their environment.
“We’ve now reached the point where the user experience is a security control in and of itself,” said Dave Lewis, Global Advisory CISO at Cisco. “Enterprises are moving toward new, more effective ways of handling access control and seeing in action how democratizing security can go a long way in enabling hybrid workers to focus on their core competencies without sacrificing security.”
The importance of user-centric security that incorporates employee work patterns to keep resources accessible and out of reach for malicious actors is reinforced by the recent Cisco Hybrid Work Index. The report showed that while there was a surge in VPN and secure remote access at the onset of the pandemic, fraudulent access attempts grew 2.4 times during the same time period and remains elevated 18 months later. Due to these threats, organizations are setting stricter policies to verify the trust of users and devices before granting access to applications. The number of authentication failures due to out-of-date devices increased 33% between 2020 and 2021.
These are just a few of many findings in the 2021 Duo Trusted Access Report. To download the report, please visit http://duo.sc/tar-2021.
Learn more: Passwordless Authentication by Duo
Report: Cisco Hybrid Work Index
Reference: Cisco Cybersecurity Report Series
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023