Multi-Factor Authentication (MFA) Trends to Know in 2024

Written by Hatice Ozsahan and David Worthington on November 23, 2023

Share This Article

Multi-Factor Authentication (MFA) is about verifying who you are in more ways than one, making it tougher for unauthorized users to gain access to sensitive information. It’s a critical tool in the arsenal of identity and access management, ensuring that a simple username and password aren’t the only gates guarding your digital accounts.

When you log in, MFA might ask for something more – a code from an app, an answer to a personal question, or even a quick biometric check like a fingerprint or facial scan. While a savvy hacker might guess or steal a password, replicating your biometrics or snagging a one-time code is a much taller order.

By adding these extra verification steps, MFA goes a long way in preventing unwanted access, safeguarding against data breaches, account takeovers, and a host of other digital threats. MFA adoption works best when it improves IT efficiency, user friendly, and is phishing-resistant.

MFA Stats – Editor’s Picks

  • The technology industry leads in MFA implementation with 87% adoption.
  • 95% of MFA users opt for software solutions like mobile apps.
  • Larger companies show higher MFA usage; 87% of firms with over 10,000 employees use MFA.
  • 62% of individuals note down passwords in notebooks, often kept visibly, such as beside their computers.
  • Despite MFA, 28% of users are still targeted through tactics like SIM-jacking, MFA Hammering, and AiTM Attacks.
  • In medium-sized firms (26-100 employees), MFA usage is 34%.
  • Smaller businesses (up to 25 employees) have a lower MFA adoption rate at 27%.

Latest Multi-factor Authentication Stats

JumpCloud’s 2024 IT Trends Report found that 83% of organizations use password-based authentication for some IT resources, 83% also require MFA and over two-thirds require biometrics (66%)—even though 67% of IT professionals agree that adding additional security measures means a more cumbersome experience. 

The average employee has three to five passwords to log into their IT resources, though 15% of employees average 10 passwords or more.

According to Microsoft, Microsoft’s systems are subjected to over 1,000 password attacks every second, showcasing the relentless nature of cyber threats. Crucially, more than 99.9% of the accounts that end up being compromised do not have MFA enabled.

More than half of the individuals hold a positive opinion of online platforms implementing multi-factor authentication (MFA). Among these, 67% from the United Kingdom believed that services employing MFA demonstrated a commitment to protecting personal data.

Based on a recent survey conducted by Okta, the use of multi-factor authentication (MFA) is on the rise. As of January 2023, almost two-thirds of users are employing MFA for authentication.

A recent KnowBe4 survey involving 2,600 IT professionals reveals significant differences in security practices between large organizations and small to mid-sized organizations. While only 38% of large organizations neglect to use multi-factor authentication (MFA) for securing user accounts, a much higher proportion, 62%, of small to mid-sized organizations do not implement MFA.

Almost 97% of large organizations have a strict and enforced password policy, in contrast to just under 88% of small to mid-sized organizations.

Regarding the adequacy of these password policies, 49% of large organizations believe their current policy is not sufficient. 

48% of small to mid-sized organizations are of the opinion that their password policy is adequate.

Multi-Factor Authentication Usage in Organizations

In a 2024 JumpCloud survey of over 1,000 SME IT professionals, 83% of respondents said they required employees to use MFA to access all their resources. A similar survey found that:

  • 95% of employees using MFA do so via a software program, such as a mobile app. 
  • Only 4% of employees utilize a hardware solution, and a mere 1% rely on biometric methods like facial or fingerprint recognition.
  • The likelihood of MFA usage increases with organization size. In companies with over 10,000 employees, 87% use MFA. 
  • The likelihood of MFA usage is 78% for businesses with 1,001 to 10,000 employees. 
  • However, in smaller companies with 26 to 100 employees, the rate drops to 34%. In businesses with up to 25 workers, the adoption rate is even lower at 27%.

Learn about the human challenges of conventional MFA adoption.

Password Hygiene 

The Workplace Password Malpractice Report highlights a concerning trend in password security, emphasizing the need for stronger practices. The report indicates that the most common passwords continue to be overly simple and predictable, including “123456”, “123456789”, “qwerty”, “password”, and “12345”. This choice of easily guessable passwords presents a significant security risk.

The study further reveals that 57% of individuals resort to writing down their passwords on sticky notes, with 67% of these individuals admitting to losing these notes, thereby increasing the risk of unauthorized access. 

You might also like Password Security Best Practices.

  • 62% of people store passwords in notebooks, often left in open view, such as next to their work devices.
  • Digital password storage practices also raise security concerns. The report finds that 49% of people save work-related passwords in cloud-based documents, and 51% store them in documents on their computer.
  • 55% of individuals keep passwords on their mobile phones, a practice that could lead to security breaches if these devices are lost or compromised.

These findings underscore the vulnerability of relying solely on passwords for account security. The implementation of multi-factor authentication (MFA) is recommended as an effective countermeasure.

MFA adds an additional layer of security, ensuring that even if a password is compromised, unauthorized access is still preventable. The report’s insights point to the urgent need for enhanced password management and the adoption of robust security measures like MFA in organizational practices.

Multi-Factor Authentication (MFA) Market Statistics

The multi-factor authentication (MFA) market is experiencing significant growth and is projected to expand considerably in the coming years. According to Grand View Research, the MFA market is expected to reach $17.76 billion by 2025. This growth is propelled by advancements in biometric technologies, cloud computing, and other factors.

In a broader context, the global multi-factor authentication market was valued at $10,300 million in 2020. It’s projected to grow to an impressive $40,000 million by 2030, registering a compound annual growth rate (CAGR) of 18% from 2021 to 2030. This projection underscores the increasing demand and adoption of MFA solutions across various sectors.

Another notable aspect of the MFA market is its concentration. Major players in the industry hold a significant portion of the market share, ranging between 45% to 50%. This concentration indicates a competitive landscape where a few key companies dominate, likely due to their established presence, technological advancements, and comprehensive MFA solutions.

These trends and projections highlight the growing recognition of MFA as a critical component of cybersecurity strategies in an increasingly digital world.

Multi-Factor Authentication (MFA) Software Statistics

Regarding the types of MFA used, there is a clear preference for software-based solutions. A significant 95% of employees who use MFA opt for software-based options, like mobile apps. 

This preference is likely due to the convenience and ease of use associated with software solutions. In contrast, hardware-based solutions are used by only 4% of employees, and biometric methods are even less common, with a mere 1% adoption. The low usage of biometrics, despite their security benefits, could be attributed to factors like cost, technological maturity, and user familiarity.

Experience a walkthrough of how MFA works in JumpCloud

Multi-factor Authentication Attacks

If you’ve set up multi-factor authentication (MFA) for your accounts, you’ve taken a significant step towards safeguarding your digital identity. While the ideal goal is to achieve 100% protection, the current rate of 28% of users who have enabled MFA are still targeted by attackers. The fact that these targets have MFA in place forces attackers to find ways to bypass MFA itself, leading to the emergence of more sophisticated attack methods.

Some examples of these advanced attack techniques include:

  • SIM-Jacking and Other Telephony Vulnerabilities: This is a reason why moving away from telephony-based MFA (like SMS or voice calls) is recommended. In SIM-jacking, attackers take control of a victim’s phone number, thereby intercepting SMS or calls meant for MFA verification.
  • MFA Hammering or Griefing Attacks: These attacks involve bombarding a user with MFA requests in an attempt to coerce them into approving a fraudulent login. It’s a method that exploits simpler forms of MFA, like push notifications, which is why there’s a push towards more secure MFA methods.
  • Adversary-in-the-Middle (AiTM) Attacks: In these sophisticated phishing schemes, attackers trick users into completing MFA interactions that actually authorize the attacker’s access. This manipulation underscores the importance of phishing-resistant authentication methods, particularly for accounts and assets that are highly sensitive or critical.

These evolving threats highlight the necessity of not just adopting MFA, but also of continuously updating and refining MFA methods to stay ahead of attackers. As cyber threats become more advanced, it becomes crucial to adopt the most secure forms of MFA and remain vigilant against new types of attacks. This proactive approach is essential in ensuring the highest level of security for digital identities and assets.

JumpCloud Go™ offers Phishing Resistant MFA

JumpCloud Go™ enables passwordless login to JumpCloud-protected web resources on your managed device. Other than initial registration, you won’t need to enter your email, password, and MFA every time you access your resources. Instead, verify your identity with your device password or your device authenticator every 12 hours (Apple Touch ID or Windows Hello).

You can try JumpCloud for free to determine if it’s right for your organization.

Our customers tell us that asset management is also important for security and IT operations. JumpCloud is enhancing its platform to unify SaaS, IT security, and asset management.

Hatice Ozsahan
David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.

Continue Learning with our Newsletter