37% of consumers worldwide still write down passwords, while 32% reuse the same password across multiple accounts in 2025.

90% of organizations reported facing challenges in transitioning to passwordless authentication.

90% of global organizations reported challenges in moving toward passwordless authentication.

57% of global users still do not use passwordless authentication as their primary method.

Japan ranks #1 in the proportion of organizations using passwordless as the primary authentication method.

42% of the world's top 1,000 most visited websites do not enforce any minimum password length requirements.

Only 1%, or five websites, among the top 1,000 most visited websites met all best-practice password criteria.

58% of the world's top 1,000 most visited websites do not require special characters for their passwords.

Passkey authentications have more than doubled year over year to 1.3 million per month.

E-commerce platforms represent approximately 45% of all passkey authentications, led by Amazon's commanding 39.9% share.

Germany's Bundesagentur für Arbeit saw 181% growth in passkey authentications.

Microsoft's decision to make passkeys the default sign-in method drove 120% growth in passkey authentications.

40% of Dashlane users now store at least one passkey, double the rate from just a year ago.

Gemini's passkey authentications grew by 269% after making passkeys mandatory for all users.

HubSpot has seen a 25% improvement in login success rates over passwords.

The average person now manages 301 passwords across their personal and work accounts.

Roblox's passkey authentications grew by 856%, representing the most dramatic surge in the dataset.

19% of Chief Information Security Officers (CISOs) expect a significant increase in new tasks for their IT or security teams due to security risks or vulnerabilities related to AI.

96% of CISOs believe that multi-factor authentication (MFA) cannot keep up with evolving threats.

78% of Chief Information Security Officers (CISOs) expect AI to create moderate or significant increases in security workloads as they address new vulnerabilities.