Passkeys set to become leading authentication method by 2027, HYPR reports

HYPR, the Identity Assurance Company, has released the fifth edition of its ‘State of Passwordless Identity Assurance Report.’

The report

The report reveals an increasing misalignment between real-world security risks and outdated authentication methods.

It also highlights the growing risks associated with outdated authentication methods and the rise of new generative AI-related attacks.

However, the report signals a potential turning point in the fight against identity-based attacks, with phishing-resistant authentication methods like FIDO passkeys poised to become the dominant solution within the next two years.

The company states that this is a first in the report’s five-year history.

Findings

Using insights from 750 IT security decision-makers across various industries and regions, the report, commissioned by HYPR and conducted by S&P Global Market Intelligence 451 Research, revealed:

Organisations under siege from exploited weaknesses

• Nearly half (49%) of organisations suffered a breach in 2024, with 87% attributed to identity vulnerabilities
• These were primarily driven by credential misuse (47%), privilege access abuse (41%), social engineering (36%) and MFA bypass (35%)

Breaches are taking a toll beyond the bottom line

• These attacks caused substantial financial losses (an average of $2.5 million per incident) and legal ramifications (20%), forcing many organisations to reduce headcount, demote executives (34%) and downsize their frontline workforce (38%)

Deepfakes emerge as a modern identity threat

• In 2024, IT decision-makers named GenAI a major concern (60%), with deepfake identity fraud taking the top spot
• Today, nearly 40% of organisations have suffered a GenAI-related security incident in the past year and a staggering 95% were hit by some form of deepfake attack – including altered static imagery (50%) and manipulated live (44%) and recorded (41%) audio/video

A new era of secure authentication is here

• For the first time in the report’s history, passwordless and FIDO-based authentication methods are gaining significant traction with 46% of respondents now utilising these secure solutions
• This adoption of phishing-resistant authentication marks a paradigm shift in cybersecurity with FIDO passkeys and hardware keys poised to become the gold standard in authentication by 2027
• This trend is further validated by the FIDO Alliance’s recent survey results, which revealed that 87% of organisations have successfully deployed or are deploying passkeys

“A powerful wave of innovation”

Bojan Simic, CEO, HYPR commented: “We are in the midst of The Identity Renaissance, a period of profound transformation.

“Our report serves as a clarion call, exposing the vulnerabilities of outdated authentication methods and the urgent need for change. But amidst this challenge, there’s a powerful wave of innovation.”

Simic continued: “Phishing-resistant authentication, led by FIDO passkeys, is poised to redefine how we secure digital identities, not just by replacing passwords but by fundamentally shifting our approach to managing and verifying identities.”

“The need for change”

Garrett Bekker, Principal Research Analyst at S&P Global Market Intelligence 451 Research commented: “This report highlights a key moment in identity security.

“While the surge in GenAI-fueled attacks and the persistence of traditional vulnerabilities underscore the need for change, the anticipated dominance of phishing-resistant authentication by 2027 offers a clear, strategic path forward.”

Bekker continued: “Organisations must now prioritise the deployment of phishing-resistant authentication such as FIDO passkeys and other modern identity verification tools, not as a future aspiration but as a core component of their immediate risk mitigation strategy.

“Failure to do so will leave them exposed to escalating threats and undermine their ability to compete in an increasingly digital-first economy.”