Historic Shift: Passkeys Set to Become Leading Authentication Method by 2027, New Survey Reveals

HYPR ushers in the Identity Renaissance and, for the first time in five years, pushes an indefinite pause on passwords

• 49% of firms breached last year, 87% due to identity vulnerabilities, leading to an average loss of $2.5M per incident
• 40% experienced a GenAI related security incident in the last year, 95% encountered a deepfake attack
• Phishing-resistant authentication to surpass passwords and standard MFA within two years. Passkeys set to overtake legacy methods
• IDV tools are the most widely deployed IAM tool (63%) and a top choice for post-breach implementation (68%)

/EIN News/ -- NEW YORK, March 25, 2025 (GLOBE NEWSWIRE) -- HYPR, the Identity Assurance Company, today released the fifth edition of its State of Passwordless Identity Assurance Report, revealing an increasing misalignment between real-world security risks and outdated authentication methods. The report highlights the growing risks associated with outdated authentication methods and the rise of new generative AI-related attacks. However, it also signals a potential turning point in the fight against identity-based attacks, with phishing-resistant authentication methods like FIDO passkeys poised to become the dominant solution within the next two years – a first in the report’s five-year history.

Leveraging insights from 750 IT security decision-makers across various industries and regions, the report, commissioned by HYPR, and conducted by S&P Global Market Intelligence 451 Research, revealed:

Organizations Under Siege from Exploited Weaknesses: Nearly half (49%) of organizations suffered a breach in 2024, with 87% attributed to identity vulnerabilities. These were primarily driven by credential misuse (47%), privilege access abuse (41%), social engineering (36%), and MFA bypass (35%).

Breaches are Taking a Toll Beyond the Bottom Line: These attacks caused substantial financial losses (an average of $2.5 million per incident) and legal ramifications (20%), forcing many organizations to reduce headcount, demote executives (34%) and downsize their frontline workforce (38%) ^[1].

Deepfakes Emerge as a Modern Identity Threat: In 2024, IT decision-makers named GenAI a major concern (60%), with deepfake identity fraud taking the top spot. Today, nearly 40% of organizations have suffered a GenAI-related security incident in the past year, and a staggering 95% were hit by some form of deepfake attack - including altered static imagery (50%) and manipulated live (44%) and recorded (41%) audio/video.

A New Era of Secure Authentication is Here: For the first time in the report's history, passwordless and FIDO-based authentication methods are gaining significant traction, with 46% of respondents now utilizing these secure solutions. This adoption of phishing-resistant authentication marks a paradigm shift in cybersecurity, with FIDO passkeys and hardware keys poised to become the gold standard in authentication by 2027. This trend is further validated by the FIDO Alliance's recent survey results, which revealed that 87% of organizations have successfully deployed or are deploying passkeys.

"We are in the midst of The Identity Renaissance, a period of profound transformation," says Bojan Simic, CEO of HYPR. "Our report serves as a clarion call, exposing the vulnerabilities of outdated authentication methods and the urgent need for change. But amidst this challenge, there's a powerful wave of innovation. Phishing-resistant authentication, led by FIDO passkeys, is poised to redefine how we secure digital identities, not just by replacing passwords, but by fundamentally shifting our approach to managing and verifying identities.”

The Reactive Approach to Identity Security is Insufficient: It is evident that organizations are acting post breach – whether it’s increasing their investment in cybersecurity tools (61%), changing their authentication methods (50%) or implementing new identity management tools (68%). Yet, despite a shift in mindset and action, organizations are still embracing outdated practices such as standard MFA (52%) and passwords (40%). While in terms of general identity verification (IDV), organizations continue to use “traditional” methods such as in-person office visits and document-based authentication during hiring processes (72%).

"This report highlights a key moment in identity security," says Garrett Bekker, Principal Research Analyst at S&P Global Market Intelligence 451 Research. "While the surge in GenAI-fueled attacks and the persistence of traditional vulnerabilities underscore the need for change, the anticipated dominance of phishing-resistant authentication by 2027 offers a clear, strategic path forward. Organizations must now prioritize the deployment of phishing-resistant authentication such as FIDO passkeys and other modern identity verification tools, not as a future aspiration, but as a core component of their immediate risk mitigation strategy. Failure to do so will leave them exposed to escalating threats and undermine their ability to compete in an increasingly digital-first economy."

WEBINAR: The Identity Renaissance: Key Insights from The State of Passwordless Identity Assurance 2025
Join HYPR and S&P Global Market Intelligence 451 Research
Date: Thursday, April 17, 2025 at 1pm ET
Join: Here
Speakers: Bojan Simic, CEO & Co-founder, HYPR and Garrett Bekker, Principal Research Analyst at 451 Research                      

About HYPR
HYPR, the leader in passwordless identity assurance, delivers the industry's most comprehensive end-to-end identity security for your workforce and customers. By unifying phishing-resistant passwordless authentication, adaptive risk mitigation, and automated identity verification, HYPR ensures secure and seamless user experiences for everyone.

Trusted by organizations worldwide, including two of the four largest US banks, leading manufacturers, and critical infrastructure companies, HYPR secures some of the most complex and demanding environments globally.

Media:
Fabienne Dawson
fabienne@hypr.com
917.374.6860

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/b792cf93-9d5e-4e2b-985d-44290b5429ca

_____________________

^[1] In the United States