40+ Multi-Factor Authentication Stats (2024)

by Fabio Duarte
September 20, 2024

The global cybersecurity market is valued at almost $200 billion.

As many as 30% of internet users have fallen victim to a data breach due to a weak password.

As a result, many companies are turning to multi-factor authentication (MFA) to provide additional security.

Below, we’ll dive into the top MFA stats including user and regional data.

Top MFA Stats

  • Over 50% of IT professionals use time-based one-time passwords for MFA.
  • Around 1 in 4 companies have turned to MFA after a cybersecurity breach.
  • 55% of small businesses are not aware of MFA.
  • In the space of a year, Germany increased MFA adoption by over 1.5x.
  • 33% of consumers are reluctant to use MFA because it is annoying.
  • Nearly 1 in 2 IT and cybersecurity leaders predict that MFA will replace passwords.

More than half of IT professionals use time-based one-time passwords (HYPR)

The most popular multi-factor authentication method is time-based one-time passwords (TOTPs).

A 2023 survey revealed that nearly 56% of respondents use SMS TOTPs, while over 51% use email TOTPs.

More than one-third of IT professionals use mobile push notifications, while about 30% use email one-time passwords (OTPs) – not time-based – and about 30% use SMS OTPs.

A small number (1.83%) of IT professionals said no MFA protocols were implemented in their organization.

Here’s a breakdown of the most popular forms of MFA:

| Multi-Factor Authentication (MFA) Method | Share of Respondents |
|---|---|
| SMS TOTPs | 55.96% |
| Email TOTPs | 51.38% |
| Mobile device push notifications | 36.7% |
| Email OTPs (not time-based) | 30.28% |
| SMS OTPs (not time-based) | 30.28% |
| Email web links | 26.61% |
| QR code scanned by mobile device | 26.61% |
| SMS web links | 25.69% |
| PC push notifications | 21.1% |
| Hardware token | 20.18% |
| Fast Identity Online (FIDO) security keys | 16.51% |
| FIDO mobile authenticator | 13.76% |

Around 7 in 10 companies use usernames and passwords as an authentication method (Cybersecurity Insiders)

The most popular authentication method employed by organizations is a username and password (68%).

This is followed by software tokens like one-time passwords, with half of all companies using them.

Here’s a closer look at the most used authentication methods:

| Authentication Method | Respondents Using |
|---|---|
| Username and password | 68% |
| Software tokens (e.g., one-time password) | 50% |
| Hardware tokens (e.g., key fobs, USB tokens, smart cards) | 34% |
| Out-of-band authentication (e.g., push notifications, SMS, voice) | 30% |
| Biometric authentication | 26% |
| Tokenless authentication (e.g., context-based, pattern-based) | 22% |
| Social identity credentials (e.g., LinkedIn, Facebook, X) | 18% |

MFA Security Statistics

Increasing two-factor authentication adoption is the top authentication priority for developers (Bitwarden)

Approximately 2 in 5 (41%) developers are prioritizing 2FA adoption over any other authentication area.

Here’s how this compares to other authentication priorities for developers:

Only 2% of developers believe that some form of authentication improvement is not a priority.

26% of organizations have implemented MFA following a cyberattack (Cybersecurity Insiders)

After facing a cyberattack, around 1 in 4 companies turn to MFA to strengthen security.

That makes it the third most popular response to cyberattacks alongside increased user education and awareness training (26%).

The most common ways organizations have improved cybersecurity are by conducting regular security audits and vulnerability assessments (38%) and by strengthening password policies (30%).

Other security enhancements made after cyberattacks include:

  • Increasing education and awareness (26%)
  • Launching monitoring and detection programs (24%)
  • Deploying single sign-on solutions (24%)
  • Implementing encryption/secure communication protocols (22%)
  • Enhancing access controls and user privilege management (20%)
  • Detecting and remediating compromised credentials (18%)
  • Adopting passwordless authentication methods (10%)

Over half of small business owners have yet to implement MFA (Cyber Readiness Institute)

The use of MFA is recommended by security experts, yet just 46% of small businesses are using it.

Furthermore, only 13% of small business employees need MFA to access their employer’s accounts or applications.

More than half of small businesses are not very aware of MFA (Cyber Readiness Institute)

Cybersecurity awareness is below expected levels in small and medium-sized businesses (SMBs).

Over half (55%) of SMB owners are not “very aware” of MFA and its security benefits.

It’s perhaps unsurprising that 54% of SMBs have not implemented MFA, as 47% of those in charge claim to either not understand it or see its value.

99.9% of automated cyberattacks are blocked by MFA (Microsoft, AAG)

Microsoft claims that more than 300 million fraudulent sign-in attempts are made daily on cloud servers. Meanwhile, Google blocks approximately 100 million phishing emails per day.

However, by implementing MFA, organizations can block up to 99.9% of all automated cyberattacks.

MFA implementation can halve the number of account hacks (ExtremeTech)

According to Google, account hacks drop by 50% when using two-step verification.

MFA by Region

Germany has seen the largest annual increase in MFA volume (Duo Security)

In 2023, no other nation recorded a bigger rise in MFA volume than Germany (52.3%).

Japan saw the next largest increase in MFA volume with a 28% change over the previous year.

Here are the countries with the greatest recent increases in MFA usage:

| Nation | Region | 2023 MFA volume increase |
|---|---|---|
| Germany | Europe | 52.3% |
| Japan | Asia | 28% |
| Brazil | South America | 26.3% |
| Philippines | Asia | 24.9% |
| Australia | Oceania | 16.9% |
| Canada | North America | 14% |
| United States | North America | 13.4% |
| Singapore | Asia | 6.1% |
| United Kingdom | Europe | 4.5% |
| India | Asia | 1.7% |

China has seen a decrease of over 25% in annual MFA volume (Duo Security)

As of 2023, China has seen the largest fall in MFA volume, dropping 26.3%.

That is closely followed by Jamaica, with a fall of 23.3%.

Here are the countries with the greatest recent decreases in MFA usage:

| Nation | Region | 2023 MFA volume decrease |
|---|---|---|
| China | Asia | 26.3% |
| Jamaica | North America | 23.3% |
| Hong Kong | Asia | 10.8% |
| Hungary | Europe | 10.4% |
| Ireland | Europe | 10.3% |
| Taiwan | Asia | 8.2% |
| Kenya | Africa | 6.8% |
| El Salvador | North America | 5.5% |
| Netherlands | Europe | 2.5% |
| Israel | Asia | 1.4% |

Opinions on MFA

Around 9 in 10 people claim that passwordless MFA provides the top level of security (HYPR)

According to a 2024 HYPR report, 89% of people think that MFA without passwords is the highest level of security achievable.

As a result, 41% of those surveyed intend to adopt some form of passwordless authentication in the next 12 to 36 months.

1 in 3 consumers will not use MFA because it’s annoying (Prove)

The most common reason (33%) for refusing to use MFA is that “it’s annoying”.

Other frequent reasons include:

  • MFA is “too complicated” (23%)
  • MFA is “too slow” (23%)
  • MFA verification often gets lost in spam or is not delivered at all (22%)

Around 1 in 5 people believe MFA is the best way to achieve personal cybersecurity (Keeper Security)

A 2023 survey found that “picking strong passwords” (28%) was voted the top way to improve personal cybersecurity.

Not sharing personal information online (19%) and enabling MFA or 2FA (19%) placed joint-second.

Other popular methods people choose to protect themselves against cybersecurity threats include purchasing anti-virus protection (11%), using a password manager (7%), and keeping their software up to date (7%).

About one-tenth (9%) of respondents said they do not think there is a single best way to achieve personal cybersecurity.

Almost half of IT and cybersecurity leaders expect MFA to replace static passwords (Delinea)

Nearly 1 in 2 (46%) IT and cybersecurity leaders predict that MFA will take the place of static or reusable passwords in the workplace, according to a 2023 survey.

Of the solutions listed, MFA came in second (46%), with biometrics in the top spot (58%).

Here’s the full list of solutions that are being used to replace static passwords at work:

| Password Replacement Method | Proportion of Vote |
|---|---|
| Biometrics (facial recognition, fingerprint scans, iris scans, voice activation, etc.) | 58% |
| Multi-factor authentication | 46% |
| One-time password, magic links, QR codes | 37% |
| Security keys | 37% |
| Passkeys | 35% |
| PIN codes | 34% |
| Single sign-on | 30% |
| Passphrases | 26% |

Approximately 3 in 4 people say a smartphone is the most convenient MFA method (Cybersecurity Insiders)

When asked for the most convenient method of conducting MFA, 73% of IT professionals agreed on smartphones.

That is over 4x more than the next most popular answer – a built-in authenticator like TouchID or Windows Hello (17%).

The remaining respondents opted for a smart card (5%) and a Universal 2nd Factor (U2F) security card (5%).

Conclusion

Although MFA usage is on the rise, there is evidently plenty of room for further adoption.

For more related data and statistics, take a look at Top Cybersecurity Industry Trends, Cybersecurity Companies & Startups to Watch, and the Top Cybersecurity Newsletters you can subscribe to.