Multi-Factor Authentication: Important Loss Prevention But Stalling In Popularity

April 10, 2025

The adoption rate of phishing-resistant multi-factor authentication ("MFA"), such as hardware keys and device-based passkeys nearly doubled in 2023, according to a study by Okta, a company that provides identity and management solutions.

However, the overall usage rate of MFA remains relatively small. Despite recent mandates from the government and private industry, the adoption rate of all forms of MFA seems to be flattening out at around 65 percent.

Okta's 2024 Secure Sign-in Trends Report notes that MFA adoption rates vary widely by industry, with the technology sector leading the way at 88 percent and the warehousing and transportation sector lagging at 38 percent. Interestingly, there is an inverse correlation between the number of employees and the rate of MFA adoption, with smaller organizations having higher adoption rates.

https://www.scworld.com/resource/the-rise-of-phishing-resistant-mfa-and-what-it-means-for-a-passwordless-future

Commentary

MFA differs from Single-Factor Authentication (SFA) which involves a single form of verification like a password or PIN. However, as cyberattacks grew, the demand for more effective authentication methods led to the development of Two-Factor Authentication (2FA) in the 1980s. 2FA added an extra layer of security by requiring a second form of verification, such as a smart card or token, in addition to a password.

In the 2000s, more sophisticated forms of authentication emerged, including biometric authentication (e.g., fingerprint, facial recognition), behavioral biometrics (e.g., keyboard typing patterns), and contextual authentication (e.g., location-based authentication). Modern MFA solutions often incorporate multiple factors, such as something you know (password, PIN), something you have (smartphone, smart card), something you are (biometric data), somewhere you are (location-based authentication), and something you do (behavioral biometrics).

The adoption of MFA has been influenced by various factors, including the explosion of mobile devices, the scale and sophistication of cybersecurity threats, regulatory requirements, and the rise of cloud computing and changing workplaces.

Multi-Factor Authentication (MFA) offers several benefits that enhance security and user experience.

  • By requiring multiple forms of verification, MFA significantly reduces the risk of unauthorized access to sensitive information.
  • Traditional login mechanisms are susceptible to attacks like phishing, keylogging, and brute-force attacks. MFA mitigates these vulnerabilities by adding extra layers of security.
  • Many industries have regulatory requirements that mandate the use of MFA to protect sensitive data. Implementing MFA helps organizations comply with these regulations.
  • By providing a more secure authentication process, MFA helps build trust with users, ensuring that their data is protected.

The final takeaway is that single-factor authentication is vulnerable to phishing. Organizations should protect their accounts and devices by requiring MFA.


 

Finally, your opinion is important to us. Please complete the opinion survey:

Product

Articles

Are Employees Empowered To Decline Additional Work? You Make The Call

A survey claims employees are empowered to say "no" to additional work. What do you say? You make the call and join the conversation.

The HIPAA Security Rule And OCR's Risk Analysis

The Department of Health and Human Services settles a claim with an ambulance authority as to a ransomware attack. We examine the case and the new impetus on OCR's Risk Analysis Initiative.

Lessons Learned From The "Rainbow Warrior" Executive Kidnapping

Nearly 33 years ago, a former security consultant kidnapped and murdered an Exxon executive. We examine that tragic case, and the lessons learned.

Does Poor Sleep Affect Work Productivity? You Make The Call

A survey claims poor sleep affects employees at work dramatically. Does it impact you? You make the call and join the conversation.

The Interactive Process Limits Hostile Work Environment Claims

A healthcare employer is sued for not providing a reasonable accommodation and for a hostile work environment. We examine how the interactive process could have prevented the claims.