It may not come as a surprise that stolen credentials are the number one attack vector in breaches. Businesses have long been aware of the security vulnerabilities surrounding access and authentication. But how well are they securing their authentication methods in response to these threats?

JumpCloud surveyed over 600 IT professionals working at small- to medium-sized enterprises (SMEs) to find out the answer to this, among many other questions relating to security, MSP relationships, AI, and other issues affecting SMEs today. In this blog, we’ll uncover the trends we found when it comes to SMEs and secure authentication practices. We’ll also discuss some of the best ways for SMEs to enhance their authentication security so they can protect against ongoing threats. 

Unless otherwise cited, all data cited in this blog is from JumpCloud’s security report, How Are SMEs Navigating Security?

Steady Biometric Adoption Signifies Positive Change

Biometric authentication uses biological features, like fingerprints, facial features, and voice, to confirm an individual’s identity before granting access. This authentication method provides an extra level of security over passwords because biological features are much harder to fake, duplicate, or steal.

Biometric authentication is gaining traction among SMEs as a preferred method for securing access to sensitive information. Well over half (66%) of SMEs now require biometrics for authentication. This number is almost the same as it was in Q1 of 2024 (67%), signifying a steady rate of adoption. What’s more, the majority of IT professionals recognize biometrics as a more secure alternative to the password: 67% said that biometrics would strengthen their organization’s security posture.

In addition to its added security benefits, biometric authentication is typically very user-friendly. Fingerprint or facial scans, for example, are quick and require little to no effort on the user’s part. Passwords, on the other hand, require users to remember and input them at every login.  

Perhaps because of the increased user-friendliness of biometrics, the belief that added security creates a more cumbersome experience is dwindling. Now, only 61% of IT professionals believe that additional security measures create a frustrating experience, down from 67% in Q1 of 2024. 

The Stubborn Password Problem

Despite advancements in authentication technologies, passwords remain the most commonly used authentication method. 

A staggering 95% of SMEs still rely on passwords to protect at least some of their IT resources. Because the password is so steadfastly popular, most employees have to juggle many at a time. Nearly one-fifth of employees have to juggle 10 or more tools just to access all of their IT resources. Given the vulnerabilities associated with passwords, however, password-heavy environments are a recipe for attack.

We know eradicating passwords is easier said than done — there’s a reason they’ve proliferated this long despite our knowledge of their fundamental security flaws. They’re what employees are used to, and even if your organization went passwordless, most third-party tools would still require one. There will likely come a day when passwordless authentication is the new normal, but until then, it’s important to protect passwords with additional layers of security. 

Next, we’ll explore some of the best ways SMEs can further secure their authentication methods, even if they are based on the password. 

How to Secure Your SME’s Authentication

1. Multi-Factor Authentication

Instead of making the password the only thing a user needs to prove their identity, SMEs can layer their authentication requirements with multi-factor authentication (MFA). With MFA, the password becomes just one of several (two or more) factors a user must present to prove their identity. 

New tools are making this process more user-friendly. Biometrics, for example, are a common second factor that require little to no effort for the user. In addition, some password manager tools can store and input MFA tokens, which removes the burden from the user. 

2. The Case for Single Sign-On (SSO)

Single sign-on (SSO) is another way to secure password-based authentication. SSO allows employees to access multiple applications with a single set of credentials, reducing the number of passwords they need to remember. This not only simplifies the user experience but also enhances security by minimizing the chances of password fatigue, which often leads to risky behaviors like password reuse.

By implementing SSO, SMEs can reduce their reliance on traditional passwords while still ensuring secure access to essential applications. This approach aligns well with the growing trend of centralized IT management, where IT teams can maintain greater control over user access and permissions. 

3. Password Management

Password managers can increase security while improving the authentication experience for users in several ways. First, they remove the burden of memorizing passwords. This makes users less likely to store passwords improperly (no need for password sticky notes or cheat sheets) and reduces the frequency of password reset requests for IT admins. 

In addition, password managers can help manage shared accounts, MFA tokens, payment cards, and more. The result is a more streamlined and reliably secure approach to password authentication and protection of sensitive information. 

Moving Toward a Secure Future

In addition to the methods listed above, one of the ways you can bolster your security is by understanding the security landscape relevant to you: how are your peers and competitors approaching security? JumpCloud dug into this question and many other relevant security topics in its most recent report, How Are SMEs Navigating Security? Download the free report today to explore new data on how IT professionals are approaching security — from how they’re budgeting for it to how they see it evolving over time.