Australian businesses are actively moving to eradicate passwords from employees’ lives, with 90 per cent of IT leaders expecting passwords to represent less than a quarter of their organisation’s logins in five years or less.
This is the verdict from the FIDO Alliance and LastPass recent released 2023 Workforce Authentication Report.
The report gauges IT decision-makers’ attitudes and plans for removing passwords in favour of easier and more secure passwordless authentication.
“The move towards passwordless authentication among Australian organisations has gathered significant momentum over the past few years as an increasing number of organisations have moved to eliminate the risk and liability of passwords, as they are the source of the vast majority of data breaches,” said Andrew Shikiar, Executive Director of the FIDO Alliance. “Today’s report validates this trend by showing that Australian IT leaders are in step with their global counterparts – and in some instances ahead of the global average – in rapidly looking to minimise their reliance on legacy authentication methods in favour of passkeys which provide user-friendly, phishing-resistant sign-ins.”
The report also found that:
- Australian businesses are ready to embrace a passwordless future, with 94 per cent planning to move, or have already moved, to passwordless technology (ahead of the global average of 92 per cent) within the next two years, with 41 per cent of those planning to do so within the next six months. Meanwhile, 19 per cent have already adopted a passwordless experience at their organisation.
- Businesses believe passkeys will help make them more secure: 94 per cent of Australian businesses believe passkeys will benefit their overall security posture (above the global average of 92 per cent), and 92 per cent agree that passkeys will eventually help reduce the volume of unofficial (i.e., ‘Shadow IT’) applications.
- However, many Australian businesses recognise that work still needs to be done: a majority of Australian businesses surveyed are still using phishable authentication methods[1], such as a one-time passcode (OTP) sent to a handset or tablet (41 per cent), manually entering a password (27 per cent) and/or using multi-factor authentication (MFA, 36 per cent) when it comes to authenticating users within their organisation.
- The majority recognise that this transition will take time and education: 51 per cent of Australian IT leaders surveyed feel they need more education on how passwordless technology works and/or how to deploy it, and 25 per cent cited concerns that users may be resistant to change or using a new technology.
- When making this transition, Australian businesses made it clear they want to choose where they store passkeys, with 69 per cent of local IT leaders anticipating storing them in a third-party password manager.
“These survey results demonstrate that businesses are excited about the prospect of a passwordless future, and all the benefits that future will bring. And the clear majority also recognise that a password manager plays an important role in that future,” said Mike Kosak, Senior Principal Intelligence Analyst at LastPass. “While the adoption of passwordless authentication will take some time and coaching, LastPass is proud to support forward-thinking leaders like these on that journey – ushering their organisations toward security that is stronger and more effortless than ever.”
Research for report was conducted by Sapio Research through an online survey of 1,005 IT decision makers in Australia, the United States, Germany, United Kingdom, and France. Of those surveyed, 200 respondents were from Australia.
You can read the full report here.
