59% of API vulnerabilities require no authentication.

Approximately 98% of observed wireless networks rely exclusively on Pre-Shared Key (PSK)–based authentication.

Only 2% of organizations in industrial and critical infrastructure environments use enterprise-grade authentication such as 802.1X.

One in four attacks involve stealing saved passwords from browsers to authenticate as valid users.

44% of organizations use or plan to use static API keys and 43% use or plan to use username/password combinations for agents.

90% of global organizations reported challenges in moving toward passwordless authentication.

Japan ranks #1 in the proportion of organizations using passwordless as the primary authentication method.

57% of global users still do not use passwordless authentication as their primary method.

E-commerce platforms represent approximately 45% of all passkey authentications, led by Amazon's commanding 39.9% share.

40% of Dashlane users now store at least one passkey, double the rate from just a year ago.

Microsoft's decision to make passkeys the default sign-in method drove 120% growth in passkey authentications.

The average person now manages 301 passwords across their personal and work accounts.

Roblox's passkey authentications grew by 856%, representing the most dramatic surge in the dataset.

Passkey authentications have more than doubled year over year to 1.3 million per month.

Germany's Bundesagentur für Arbeit saw 181% growth in passkey authentications.

HubSpot has seen a 25% improvement in login success rates over passwords.

Gemini's passkey authentications grew by 269% after making passkeys mandatory for all users.

8.5% of open-source Model Context Protocol (MCP) server implementations adopt modern and secure authentication methods, such as OAuth.

33% of organizations flagged authentication problems as the most common API security problem.

Only 26% of respondents consider usernames and passwords to be the most secure authentication method.