new global survey from yubico finds 59 per cent of employees still rely on username and password as primary method to authenticate their accounts

To kick off Cybersecurity Awareness Month, Yubico brings top industry leaders together to reveal state of enterprise security

In light of recent phishing-based cyberattacks and in recognition of Cybersecurity Awareness Month, Yubico, the leading provider of hardware authentication security keys,  shared the results of its inaugural State of Global Enterprise Authentication Survey 2022 at a security thought-leadership industry summit hosted by the company in its San Francisco office. The survey, conducted for Yubico by Censuswide, polled 16,000+ employees across a variety of enterprises in eight countries* and asked about their perceptions and perceived challenges of multi-factor authentication (MFA), security tools and internal security practices at their organisation, and their recent experiences with cyberattacks.

While the survey revealed numerous interesting data points, these telling cybersecurity authentication and MFA trends surfaced to the top:

  • 59 per cent of employees still rely on username and password as their primary method to authenticate into accounts
  • Nearly 54 per cent of employees admit to writing down or sharing a password
  • Over 22 per cent of those surveyed still think username and password is the most secure method of authentication
  • 61 per cent of employees think their organisation needs to upgrade to modern phishing-resistant MFA and 79 per cent of VP-level staff want their organisation to upgrade to modern phishing-resistant MFA (like hardware security keys) 
  • More than 54 per cent of employees are not required to go through cybersecurity training on a frequent basis
  • Over the last 12 months, nearly 57 per cent admit to using a work-issued device for personal use
  • Within the last two years, nearly 40 per cent of survey respondents admits to having broken their mobile phone and nearly 30 per cent have lost it (a device organisations commonly use to authenticate) 

“Cybersecurity Awareness Month brings global awareness for security hygiene and is a good time for people and organisations to take action now to shore up their cybersecurity practices,” said Stina Ehrensvärd, CEO and co-founder, Yubico. “The results from Yubico’s global survey highlight the biggest concerns, challenges, and real-world scenarios that organisations are facing globally when it comes to their cybersecurity efforts – including the continued reliance on legacy MFA solutions like one-time passwords. It’s a stark reminder of how far the enterprise still has to go to adopting and standardising phishing-resistant MFA tools.”

The State of Authentication

To further foster conversations around the importance of modern authentication, Yubico brought together cybersecurity industry leaders for its inaugural YubiSummit event in San Francisco, which included leading organisations at the forefront of security, influencers, and media for in-depth discussions around the top challenges facing enterprises today. In addition to Yubico executives CEO and co-founder Stina Ehrensvärd, CIO and co-founder Jakob Ehrensvärd, CISO Chad Thunberg, and vice president Derek Hanson, attendees included Brave, Union Pacific Railroad, Defending Digital Campaigns, Microsoft, Google, and Rachel Tobac, ethical hacker and CEO of SocialProof Security.

Some of the topics discussed at the YubiSumit included:

  • Move over passwords: passkeys are the new kid in town. After the findings of the survey were unveiled, Yubico’s Hanson shared information on demystifying the new term of passkeys including what they are, specific use cases and benefits, and what enterprises should consider between the use of passkeys and security keys.

“Seeing the results of the survey and then contrasting that data with what we’re hearing is happening to companies, it only re-emphasises what we already know – that passwords are not enough and that not all MFA is created equal,” said Hanson. “We’re excited about the arrival of passkeys to help make FIDO authentication globally accessible. It is important to understand how passkeys will impact your organisation and what type of passkey is right for you. Passkeys, by definition, are passwordless-enabled FIDO credentials, but YubiKeys only create hardware-bound passkeys which are not copyable – ensuring the highest level of security for enterprises.”

  • What the hack: advice from an ethical hacker. Tobac debuted a video with Yubico, demonstrating how cyber criminals hack by tricking people. The video highlights an attack vector seen frequently in recent news stories in which an employee is tricked into going to a malicious link, putting in their username and password and handing their 2FA codes to the attacker – all within a few seconds. She discussed the evolution of cyberattacks and the importance of deploying modern MFA, like a YubiKey, to stop attackers in their tracks during a hack. 

“If your threat model is elevated because you have admin access at work, are in the public eye, or being targeted/harassed, it’s essential to consider FIDO security keys to prevent the most common attacks we’re seeing in the news right now,” said Tobac.

  • Our corporate responsibility: protecting those at risk around the world. Mary Mangione, Yubico’s senior communications and brand manager and lead for its philanthropic programme, Secure it Forward, was joined by experts from Google, Microsoft, and Defending Digital Campaigns to discuss protecting high risk users across journalism, civil society, and politics. The conversation focused on the importance of companies partnering to leverage joint resources to keep these vulnerable populations secure. 

“Collaborating with organisations like Google, Microsoft, and Defending Digital Campaigns allows us to better protect high risk users and organisations that need it most,” said Mangione. “At Yubico, our Secure it Forward programme provides YubiKeys on a global scale at no-cost to help equip journalists, political organisations, and non-profits with strong security.”

To see the results of the survey and download the full report, visit here. Learn more about the YubiKey and phishing-resistant MFA here.

About Yubico

Yubico, the inventor of the YubiKey, makes secure login easy and available for everyone. Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering modern, hardware-based authentication security at scale.

YubiKeys are the gold standard for phishing-resistant multi-factor authentication (MFA), enabling a single device to work across hundreds of consumer and enterprise applications and services. Yubico’s technology enables secure authentication, encryption, and code signing and is used and loved by many of the world’s largest organisations and millions of customers in more than 160 countries.

Aligned with its mission of making the internet more secure for everyone, Yubico donates YubiKeys to organisations helping at-risk individuals through the philanthropic initiative, Secure it Forward. Yubico is privately held, with presence around the globe and offices in Santa Clara, San Francisco, Seattle area, and Stockholm. For more information, please visit:

*Australia, France, Germany, New Zealand, Singapore, Sweden, United Kingdom, United States.

About Post Author


Convictions remain rare for police accused of sexual assault

Few cases of sexual assault by police are investigated by Ontario’s Special Investigations Unit, and fewer result in a conviction. Credit: Shutterstock Over the past few years, social movements from #MeToo to Black Lives Matter have raised awareness of sexual violence, police brutality and systemic racism. Police-involved sexual assault—sexual ...

View more: Convictions remain rare for police accused of sexual assault

Reviewing Microsoft's rough security year in 2022

The ubiquity of Microsoft technology in organisations big and small make it a target for attack. These are the most important vulnerabilities and fixes from 2022 that admins need to know.

View more: Reviewing Microsoft's rough security year in 2022

How to combat counterfeit network gear

Tips for avoiding fake gear and what to do if businesses discover phoney devices on the network.

View more: How to combat counterfeit network gear

Salesforce deepens integration between Slack and Sales Cloud

At Salesforce’s World Tour NYC event, the cloud-based CRM software maker announced new tools to drive sales teams’ speed and efficiency.

View more: Salesforce deepens integration between Slack and Sales Cloud

iQOO 11 and 11 Pro: The new kings of AnTuTu have been announced

iQOO revealed its new flagship line in China and Indonesia after numerous speculations and leaks. It includes the mobile devices iQOO 11 and 11 Pro. So, the Pro version adds 200W charging, along with the Snapdragon 8 Gen 2 chip from Qualcomm, a 144 Hz refresh rate screen, and the ...

View more: iQOO 11 and 11 Pro: The new kings of AnTuTu have been announced

Top 6 Ways to Fix Picture-In-Picture Mode Not Working on Android

Picture-in-Picture (PiP) is a useful feature on Android that allows you to watch any video in a small floating player. You can watch your favorite YouTube video while scrolling through your Instagram feed. Although the feature has been around for a while, it does not always function as expected. If ...

View more: Top 6 Ways to Fix Picture-In-Picture Mode Not Working on Android

IBM acquires Octo to boost government business

Octo exclusively serves the US federal government, including its defence, health, and civilian agencies in digital transformation projects.

View more: IBM acquires Octo to boost government business

Atlassian targets ITSM with new additions to Jira Service Management

Atlassian seeks to double down on its vision for IT service management with features to help devops, IT, support and business teams work together in a more seamless way.

View more: Atlassian targets ITSM with new additions to Jira Service Management

Intel begins layoffs, offers unpaid leave to factory workers globally

iQOO 11 5G, iQOO 11 Pro launched with Snapdragon 8 Gen 2 SoC, 144Hz AMOLED Display, V2 Imaging Chip

Oppo Find X6 and X6 Pro: discover the radical new design

Google Chrome gets memory- and power-saving modes

FTC sues to block Microsoft’s $69B Activision Blizzard takeover

xrOS or realityOS? Here’s what Apple’s Mixed Reality headset could feature

Tech layoffs likely to increase demand for EB-5 investor program in US

Moto X40 with Snapdragon 8 Gen 2 SoC, IP68 Rating, Under Display Selfie Camera launching on December 15

FTC sues Microsoft to block its acquisition of Activison Blizzard

One catalyst generates four nitrogen-containing products at high selectivities

Single-electron devices could manage heat flow in electronic components

4 Best Privacy Screen Protectors for iPad 10th Generation


Top Car News Car News