59% of API vulnerabilities require no authentication.

Approximately 98% of observed wireless networks rely exclusively on Pre-Shared Key (PSK)–based authentication.

Only 2% of organizations in industrial and critical infrastructure environments use enterprise-grade authentication such as 802.1X.

One in four attacks involve stealing saved passwords from browsers to authenticate as valid users.

44% of organizations use or plan to use static API keys and 43% use or plan to use username/password combinations for agents.

90% of global organizations reported challenges in moving toward passwordless authentication.

Japan ranks #1 in the proportion of organizations using passwordless as the primary authentication method.

57% of global users still do not use passwordless authentication as their primary method.

E-commerce platforms represent approximately 45% of all passkey authentications, led by Amazon's commanding 39.9% share.

40% of Dashlane users now store at least one passkey, double the rate from just a year ago.

Microsoft's decision to make passkeys the default sign-in method drove 120% growth in passkey authentications.

Roblox's passkey authentications grew by 856%, representing the most dramatic surge in the dataset.

The average person now manages 301 passwords across their personal and work accounts.

Passkey authentications have more than doubled year over year to 1.3 million per month.

Germany's Bundesagentur für Arbeit saw 181% growth in passkey authentications.

HubSpot has seen a 25% improvement in login success rates over passwords.

Gemini's passkey authentications grew by 269% after making passkeys mandatory for all users.

8.5% of open-source Model Context Protocol (MCP) server implementations adopt modern and secure authentication methods, such as OAuth.

33% of organizations flagged authentication problems as the most common API security problem.

Only 26% of respondents consider usernames and passwords to be the most secure authentication method.