2025 Global State of Authentication Report

41% of respondents use personal email accounts lacking MFA to log in to banking services.

When shown a phishing email, 54% of respondents either believed it was an authentic message written by a human or were unsure.

In the UK, concern about AI compromising security increased from 61% in 2024 to 81% in 2025 (a 20 percentage point increase).

In the US, concern about AI compromising security increased from 61% in 2024 to 77% in 2025 (a 16-point increase).

Only 48% of respondents said their company uses Multi-Factor Authentication (MFA) across all apps and services.

Usernames and passwords are used by 60% of respondents as an authentication method for personal accounts.

The percentage of respondents who could correctly recognize a phishing attempt was similar across generations: Gen Z - 45%, Millennials - 47%, Gen X and baby boomers - 46% (both groups).

70% of respondents believe phishing attempts have become more successful due to the use of AI.

78% of respondents believe phishing attempts have become more sophisticated due to the use of AI.

In Japan, concern about AI compromising security increased from 31% in 2024 to 74% in 2025 (a 43 percentage point increase).

44% of all participants admitted to having interacted with a phishing message in the last year.

In Sweden, concern about AI compromising security increased from 37% in 2024 to 68% in 2025 (a 31 percentage point increase).

Only 26% of respondents consider usernames and passwords to be the most secure authentication method.

Gen Z is the most susceptible demographic to phishing, with 62% reporting engagement (e.g., clicking a link or opening an attachment) with a phishing scam in the past year.

29% of respondents still do not have MFA set up for their personal email accounts.

47% of respondents use personal email accounts lacking MFA to log in to social media accounts.

34% of respondents use personal email accounts lacking MFA to log in to mobile phone carriers.

In the UK, 37% of respondents believe hardware security keys and device-bound passkeys are the most secure authentication methods, up from 17% in 2024 (a 20-point increase).

In the US, 34% of respondents identify hardware security keys/passkeys as the most secure option, up from 18% last year (a 16-point increase)

40% of respondents reported never having received cybersecurity training from their employer.

Usernames and passwords are used by 56% of respondents as an authentication method for work accounts.

In France, the adoption of MFA for personal accounts surged from 29% in 2024 to 71% in 2025, marking a 42-percentage point increase.