Phishing-resistant MFA shows great momentum

Today, Okta published its second Secure Sign-in Trends Report, our annual report into multi-factor authentication (MFA) use in the workplace.

The report takes anonymized and aggregated data from Okta’s Workforce customers to answer some key questions:

  • What sign-in methods offer the best mix of security and user experience? 
  • Which methods are the next generation of organizations pivoting to? 
  • How does MFA adoption in my organization compare with my industry peers or other organizations of my size?

Response to our 2023 report was tremendous. For the first time, Okta administrators on their own Identity journeys could compare their authenticator strategy against their industry and peers. 

We’ve processed their feedback and considered how to make the report more useful for customers. So, for the 2024 report, we updated our metrics and strengthened our assessment methodology, drawing on IT and Security practitioners’ input about their priorities.

What did we learn from the data this time? Most significantly, we continue to see steady growth in MFA adoption, with phishing-resistant MFA on the rise. 

Read on for more key takeaways.

1. MFA adoption continues its upward trajectory 

As of January 2024, MFA adoption climbed to 66% among Okta workforce users, while 91% of administrators use MFA. As part of the Okta Secure Identity Commitment, Okta has begun enforcing MFA for all Administrators' access to the Okta Admin Console, so we expect the numbers to continue growing in 2025.

 

[Figure: MFA user adoption rate over time]

2. Phishing-resistant methods show great momentum and passwordless is here

Try as we might, securing passwords will always be a losing game in the long term. For the first time, we can see clear progress in password eradication: in a given month, almost 5% of users no longer use passwords.

Phishing-resistant methods are rapidly taking up the space vacated by passwords — adoption of Okta FastPass increased from 2% to 6% between January 2023 and January 2024. It’s clear: A passwordless world isn’t a sci-fi dream; it’s a reality that many Okta customers are living now.

 

[Figure: MFA user adoption rate by authenticator]

3. Security and user experience aren’t exclusive

Historically, every additional method of user verification has created user friction, slowing employee productivity. For our 2024 report, we commissioned a survey of IT and Security practitioners to develop a metric weighting applied to data on MFA attributes. The results reveal that in real-world production environments, phishing-resistant authenticators improve security and user experience.

 

[Figure: Authenticator Performance and Adoption]

4. MFA adoption varies widely 

This year, MFA adoption by the federal government increased by seven points to 55%, one of the largest jumps observed in our data. With U.S. executive orders (EOs) coming into force and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) endorsing MFA and phishing-resistant authentication, we are seeing real progress in this sector.  

 

[Figure: MFA user adoption rate by industry]

Uplevel Your Security with MFA

We’re excited to see so much progress in securing authentication, and we hope this report can help you make the case for stronger authentication in your organization.

Here are five things you can do now to improve your security posture as you move toward your passwordless future.

5 tips to improve your authentication strategy 

Modern Identity offers the highest return on any cybersecurity investment. Here are our tips for getting started.

  1. Require MFA in sign-on policies and enforce phishing resistance for access to sensitive applications and data. We strongly recommend taking advantage of the phishing-resistant properties and device assurance capabilities offered by Okta FastPass, our passwordless authenticator.
  2. Make MFA adoption a C-suite and board-level priority. Given its effectiveness for securing an organization’s most valuable resources and information, the MFA adoption rate should be visible at the highest levels of the organization. 
  3. Take a Zero Trust approach to access, in which access is granted according to Identity properties on a per-session and least-privilege basis, and is determined according to the assurance requirements of the requested application or data. Create dynamic access policies that evaluate user attributes, device context (whether the device is known, managed, or exhibiting a strong posture), network attributes (whether the network is trusted), and whether the request is consistent with previous user behaviors.
  4. Consider how you will apply phishing-resistant authentication to user enrolment and account recovery flows, to secure the complete user lifecycle.
  5. Develop a longer-term plan to minimize or eliminate the use of passwords.

 

To discover more trends in secure sign-in, read the full report.

We want to hear from you

The Secure Sign-In Trends Report is made possible by you, our customers and readers, and we need your help in creating the 2025 report. Please take five minutes to fill out our authenticator survey and let us know your assessment of the security and ease of use of authenticators. We’re proud of the 2024 report, but with your help, we can make the next one our best yet.