2 people walking in hallway, looking at a tablet

Passkey Adoption in the Workforce: What the Numbers Say

New Research Shows That 87% of Enterprises Are Already Deploying Passkeys

Are passkeys enterprise-ready?

Industry watchers have long argued that the answer is “yes.” Now, new data from HID and the FIDO Alliance suggests that most organizations agree. In fact, 87% of businesses surveyed have successfully deployed or are deploying passkeys — a number that’s up 14 percentage points from the previous survey.

Of course, enterprise passkey deployment also comes with unique challenges like cost, change management and integration with legacy systems. In this article, we’ll review key findings from the study and explore how businesses have overcome these challenges to deploy passkeys in ways that enhance security, improve user experience and reduce operational risks.

What’s the Pulse on Enterprise Passkeys?

In September 2024, the FIDO Alliance surveyed 400 UK and US executives in companies with 500+ employees who are or would be involved in the deployment of enterprise passkeys. Here are the key findings:

1. The Question’s Not If, But How

Most companies understand the value of passkeys and FIDO standards. In fact, two-thirds      of survey respondents said that passkey deployment is a high or critical priority, and 87% have either successfully deployed or are currently deploying passkeys.

87% *Compared to data from a 2022 internal FIDO Alliance survey of surveyed organizations have successfully deployed or are deploying passkeys — a growth by 14 percentage points since 2022*

The most common reasons for deploying these FIDO credentials: to improve employees’ user experience, comply with regulatory standards and mitigate the risk of data breaches.

2. Passkeys Aren’t One-Size-Fits-All

Of course, there are several different types of passkeys available to enterprise users. According to our research, most organizations are deploying a mix of synced and device-bound passkeys — which we expect to be the norm going forward to support different applications and use cases. Smart cards are the most common home for device-bound passkeys. This, too, is no surprise considering that the enterprise workforce is already quite familiar with them.

6 4 % 6 3 % 5 7 % Device-bound passkey in the form of smart card or card Synced passkeys Device-bound passkey in the form of security key Counts (base 400) (Count 250) (Count 244) (Count 221)

Passkeys were developed to help “reduce the world’s reliance on passwords,” which have stubbornly hung on in enterprise settings in spite of their expense and insecurity. Encouragingly, enterprise passkey deployment did have a positive impact — in fact, password usage dropped by 26% after organizations implemented passkeys.

3. Users Who Access Sensitive Data Are the Top Priority

Only 21% of organizations that are deploying enterprise passkeys are targeting all of their users. Instead, most have prioritized passkey rollouts to users with access to sensitive data and applications.

Organizations are prioritizing specific user groups for passkeys, with the top three cited user groups being: Only 21% said they are targeting all of the users in their organization. 39% 39% 34% those requiring access to IP users with admin accounts users at the executive level

It’s a good fit for the phased approach to passwordless authentication that HID recommends for most businesses. Today’s organizations serve a variety of user groups, each with specific security needs and varying levels of technical proficiency. Prioritizing access to sensitive data simplifies change management and makes it easy to get started. Then, organizations can broaden the scope of their efforts once employees adapt to the change.

4. The Return on Investment (ROI) Is Huge

Organizations reported a number of business benefits after rolling out passkeys. 

Unsurprisingly, security improved, with 90% reporting that passkeys are having a strong or moderate impact on authentication security.

Productivity and user experience also saw substantial improvements — and passkeys moved the needle on digital transformation goals at more than 8 in 10 organizations. More tangibly, operating costs also went down, with more than three quarters of respondents citing a reduction in help desk calls.

82% moderate to strong impact moderate to strong impact moderate to strong impact moderate to strong impact moderate to strong impact User experience for login/authentication Increased security for login/authentication Reduction in help desk calls Employee productivity Digital transformation goals 90% 77% 73% 83%

Interestingly, as the study notes, these benefits are directly in line with what businesses who aren’t yet using passkeys dislike most about their current authentication methods: they’re too costly, too easy to compromise and too difficult to use

5. Top Challenges Include Complexity, Cost and Lack of Clarity

So, what about the organizations that haven’t already deployed passkeys (or aren’t currently in the process of doing so)? According to our research, the main issue isn’t lack of desire. Instead, most executives are concerned that passkey deployment will be too costly or too complicated — and they aren’t sure how to how to get started.

43% 33% 31% 29% 27% 24% 24% 20% 18% 18% Too complex Too costly Use of shared workstations Lack of clarity on how to do and plan it Don’t have resources to handle the change management Systems are fragmented We already have other forms of passwordless or MFA in place Strict regulations that won’t allow it Mobile workforce Other higher priorities in the organization Counts (base 51) (Count 22) (Count 17) (Count 16) (Count 15) (Count 14) (Count 12) (Count 12) (Count 10) (Count 9) (Count 9) What are the reasons that have delayed or prevented the use of passkeys in your organization?

Indeed, most of these executives are pessimistic about their prospects: 66% believe that their organization is likely to continue using the authentication solutions they already have in place, even though only 4% are satisfied with those solutions.

However, the reasons they are dissatisfied are the same problems that passkeys are designed to address — ease of use, resistance to compromise and consistency across applications.

In our view, this suggests that more education is needed to help executives see that passkeys don’t have to be difficult, and they certainly don’t have to be implemented everywhere all at once. Instead, organizations should work with vendors to tailor a framework that optimizes the user experience and aligns with their existing technology environment, business needs and compliance mandates. 

Find Your Path to Passkeys

The need to replace cumbersome, insecure authentication methods like passwords and SMS OTPs has been clear for a long time. Fortunately, the numbers suggest that most executives are taking this task seriously — and aligning around passkeys as a way to improve usability, security and productivity in the workplace. 

HID’s enterprise passkey solutions are secure, user-friendly and easier than ever to implement. Powered by our award-winning Authentication Platform — and integrated with a broad range of back-end authentication tools and multi-technology converged credentials — they can be incorporated into form factors from smart cards to security keys and customized to your business needs. What’s more, our Professional Services team speeds value realization with fixed implementation fees and time-to-go-live guarantees.

Explore the power of FIDO credentials with a free sample of our device-bound Crescendo passkey >>

Related Posts

Related Posts