Identity threat landscape: Passkeys to replace passwords by 2027

A landmark shift in digital identity security is underway, with phishing-resistant passkeys set to surpass passwords and traditional multi-factor authentication (MFA) by 2027.

That’s the key finding from HYPR’s newly published State of Passwordless Identity Assurance Report, which draws on data from 750 global IT security leaders.

The research, conducted by S&P Global Market Intelligence 451 Research, reveals how identity vulnerabilities – exacerbated by generative AI and deepfake threats – are forcing organisations to overhaul their approach to authentication and onboarding.

The Identity Renaissance

The report describes this inflection point as “The Identity Renaissance.”

Central to this transformation is the decline of legacy credential systems and the ascent of FIDO passkeys – a secure, biometric-driven authentication method that eliminates passwords entirely and neutralises phishing, credential theft, and MFA bypass attacks.

The urgency is clear: nearly half (49%) of all organisations suffered a data breach in 2024, with an astonishing 87% of those traced back to identity weaknesses.

Misused credentials (47%), privilege access abuse (41%), and social engineering (36%) were among the most common attack vectors.

On average, each breach cost organisations $2.5 million and, in some cases, triggered executive demotions and workforce reductions.

GenAI-Powered Attacks

But it’s not just stolen passwords keeping security professionals awake at night.

GenAI-powered attacks are now mainstream. An overwhelming 95% of surveyed firms reported encountering a deepfake incident in the past year – ranging from fabricated imagery (50%) to manipulated live (44%) and recorded (41%) video and audio.

These incidents are disproportionately affecting HR teams, with hiring and onboarding processes increasingly targeted by synthetic identity fraud.

While identity verification (IDV) tools remain the most widely deployed IAM solution (used by 63% of organisations), outdated in-person and document-based methods persist, particularly in recruitment.

A staggering 72% of firms still rely on traditional authentication during hiring – leaving them vulnerable to AI-enabled deception.

Passkeys Rapidly Gaining Ground

Against this backdrop, passkeys and hardware-based credentials are rapidly gaining ground.

Forty-six percent of organisations have now adopted passwordless authentication, and according to the FIDO Alliance, 87% have implemented or are actively deploying passkey infrastructure.

This transition is more than technological – it’s strategic.

“The reactive posture to identity security is no longer viable,” warns Garrett Bekker, Principal Analyst at S&P Global Market Intelligence.

“To compete in a digital-first world, organisations must embed phishing-resistant authentication into their core risk posture now – not in five years.”

HYPR CEO Bojan Simic echoes the urgency: “This report is a clarion call. Passwords are obsolete. The future of digital identity must be built on modern, secure, frictionless authentication. The passkey revolution is not a theoretical shift – it is happening now.”

In a world reshaped by AI-driven threats and the erosion of trust in digital interactions, organisations must reimagine identity from the ground up.

The adoption of passkeys marks a decisive step toward a more resilient, secure, and user-centric digital future.

Those who hesitate risk being left behind – exposed not just to escalating breaches, but to a broader failure of trust in an era that demands certainty.

The post Identity threat landscape: Passkeys to replace passwords by 2027 appeared first on Payments Cards & Mobile.