MFA took off in the Covid era, Okta says

Okta has reported strong growth in the use of multifactor authentication (MFA) on its services, in a study that analysed logins to its Workforce Identity Cloud service.

The company’s Secure Sign-In Trends Report [pdf], released this week, found that 64 percent of its end users and 90 percent of Okta administrators now use MFA, more than double the adoption it measured in 2020.

By comparison, Microsoft in its 2022 Digital Defence Report [pdf] also measured growth in MFA (which it calls “strong authentication”), but from a lower base.

“For Azure AD, strong authentication monthly active users (MAU) grew from 19 percent to 26 percent in the last year, while strong authentication MAU for administrative accounts
grew from 30 percent to approximately 33 percent,” Microsoft said.

Okta said the rise in MFA correlated strongly with the Covid-19 lockdowns in 2020, as enterprises moved to support remote work without compromising their systems.

In the period of February to March 2020, “the MFA adoption rate soared from 35 percent to 50 percent,” the report stated.

Okta found that ease-of-use is a key driver – putting paid to the assumption that people resist MFA because it’s unfriendly to users.

“Okta’s research finds that on average, signing in with passwordless, phishing-resistant authenticators saves time and is less prone to failure when compared to using passwords,” the company said in a statement.

“In our authenticator performance and adoption assessment, Okta FastPass and FIDO2 WebAuthn came out on top as more secure and user friendly than other options,” the report stated.

Okta said the top five industries adopting MFA are insurance (77 percent of users on Okta’s services), professional services (75 percent), construction (74 percent), and media and communications (72 percent).

“Surprisingly, highly-regulated industries tend to lag behind,” Okta said.

These sectors include government, healthcare, financial services, and energy.

“Large enterprises also tend to have lower adoption rates than smaller organisations,” the report added. This slow adoption could be “due to the complexity of replacing legacy infrastructure”.

“Large enterprises are also more likely to use multiple identity providers”.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts