HYPR declares Identity Renaissance in report on state of passwordless ID assurance

In its latest report on the risks and challenges facing digital identity assurance, Hypr takes inspiration from a transformative period in human history: the Renaissance. The report argues that, much as the days of Leonardo da Vinci and Galileo marked “a fundamental reimagining of how humans saw themselves and their place in the world,” we find ourselves at “a similar inflection point in the digital realm.”

Both the ways in which we have come to rely on digital technology, and security flaws in legacy models of authentication, mean we must reconsider our relationship with digital identity. “Passwords, knowledge-based verification, and even many forms of traditional MFA are becoming relics of a bygone era,” the report says. “The data is stark: nearly half of all organizations surveyed suffered a breach in the past year, with an overwhelming 87 percent of those breaches linked directly to identity vulnerabilities.”

The numbers are even worse for generative AI, which has become a primary threat. Ninety five percent of respondents to Hypr’s survey have experienced “some form of a deepfake incident.” Per the report, respondents identified altered static images (50 percent), manipulated live audio (44 percent) and manipulated recorded audio (41 percent) as the most commonly encountered deepfake formats.

Traditional methods of authentication simply don’t cut the mustard any more. Luckily, passwordless, phishing-resistant authentication is on the rise. The report notes that “passwordless and FIDO-based authentication methods, which are much more secure, are now in use by nearly half (46 percent) of respondents.”

Moreover, “for the first time in the five-year history of this report, phishing-resistant authentication methods – such as hardware keys and passwordless (FIDO) passkeys – are projected to be the most widely deployed authentication methods within the next two years.”

The survey says face, fingerprint and voice biometrics show the largest increase in usage, with a ten percent jump from year to year.

O passwords, how can I leave thee? Let me count the ways

Despite this, Hypr says, “the industry is finding it hard to get rid of passwords completely. While stand-alone username and password methods rank last, 40 percent of respondents still have systems that rely solely on usernames and passwords. Part of the reason is that many enterprise resources do not yet support MFA or modern authentication protocols.”

Inertia plays a role: many organizations think what they have is good enough. And then there is the persistent problem of semantic clarity. The report says confusion remains about the meaning of ‘phishing resistance’. “Phishing remains a top security concern for most organizations,” it says. “Unfortunately, survey responses reflect considerable ongoing confusion about which authentication methods are actually ‘phishing-resistant’ and which are not.”

The lack of clarity is “exacerbated by the absence of a universally agreed upon definition or set of principles.”

Similarly, two sections down, Hypr declares that “identity verification is widely deployed, particularly after a breach, but still misunderstood.”

Finding consensus in language around biometric tech is one of the key challenges facing the industry. The report suggests that, between standards and outreach initiatives, “the industry must educate end users and decision makers and promote the advantages of phishing resistant technologies, both in the workforce and in consumer arenas.”

The report identifies breaches as a key driver of adoption for biometrics and other advanced authentication technologies. But it seems a bit like suggesting people wait for someone to break into their house before installing better locks. Surely better ways to communicate are a more proactive solution. Hypr’s report is yet more evidence that, while we may be in an Identity Renaissance, it has yet to find its poets.

Next month, Hypr CEO Bojan Simic and 451 Research Analyst Garrett Bekker will host a webinar to further break down the report and the general state of passwordless identity assurance. Interested parties can sign up here.

Article Topics

biometric authentication  |  biometrics  |  digital identity  |  HYPR  |  identity proofing  |  identity verification  |  passkeys  |  passwordless authentication