Usernames and passwords are used by 60% of respondents as an authentication method for personal accounts.

In the US, 34% of respondents identify hardware security keys/passkeys as the most secure option, up from 18% last year (a 16-point increase)

Usernames and passwords are used by 56% of respondents as an authentication method for work accounts.

In the UK, 37% of respondents believe hardware security keys and device-bound passkeys are the most secure authentication methods, up from 17% in 2024 (a 20-point increase).

Only 23% of healthcare organizations offer passwordless authentication

Long signup or login forms frustrate 62% of users.

68% of users admitted to reusing passwords across multiple accounts.

Nearly a quarter (approximately 25%) of respondents abandon online purchases due to signup or login issues.

More than half of Gen Z and Millennial respondents view passkeys as convenient.

Over 31 million of the breached passwords were over 16 characters in length.

Only 12% of organisations have moved away from using passwords as their primary method of authentication.

31.1 million breached passwords were over 16 characters in length.

88% of organisations still use passwords as their primary method of authentication.

Only 11% of AI-powered APIs implemented robust security measures, such as bearer tokens with expiration times.

Machine learning-based discovery tools often identify 31% more API endpoints than those reported by enterprises.

123456 was the most common compromised password found in a new list of breached cloud application credentials.

89% of AI-powered APIs relied on insecure authentication mechanisms, like static keys.

77.4% of API-related vulnerabilities in AI products are directly API-related, such as weak API authentication, inadequate rate limiting, and broken access controls.