Finally, Some Good News: Javelin Reports Progress in Post-Password Security Adoption

“The increase in strong authentication adoption makes sense given that while data breaches, phishing threats and regulatory pressures have risen, the financial and user experience costs associated with implementing strong authentication have decreased.” – Al Pascual, SVP and Research Director, Javelin Strategy & Research

Finally, some good news about the current state of digital security: A new report from Javelin Research suggests that organizations are finally embracing post-password security mechanisms. Entitled “The State of Strong Authentication 2019” and sponsored by the FIDO Alliance, the report offers a number of encouraging statistics and trends.

For one thing, Javelin says that the number of organizations using multi-factor authentication that includes public key cryptography has tripled since 2017 when it comes to consumer authentication, and increased 50 percent within the enterprise. Another encouraging metric: Almost 70 percent of businesses indicated that they are facing strong regulatory pressures, such as the PSD2 framework introduced by the European Union last year, that are pushing them to implement strong authentication systems for their customers.

Commenting on the findings in a statement, FIDO Alliance Executive Director Brett McDowell expressed his hope that the research “helps to raise awareness of new cryptographically-backed authentication capabilities, compliant with industry standards from FIDO Alliance and W3C,” adding later that platforms incorporating such security systems are allowing end users “to use their finger, face or security key to login to all of their favorite websites and applications.”

While that’s all encouraging, it still must be noted that there are holdouts delaying digital security’s march of progress: Javelin’s study notes that two-thirds of businesses still rely on passwords for employee authentication, believing them to be “good enough” for their security purposes. It’s going to take more data breaches to reduce the number of holdouts – and it’s a fair bet that they’re coming.