17 Essential Multi-factor Authentication (MFA) Statistics [2023] - Zippia (2024)

Research Summary. Security is regularly on the mind of most internet users, and given the fact that one in three American accounts has been hacked, it’s safe to say that concern is warranted.

To combat security breaches, websites and users have a whole host of tools in their arsenal. One of the most useful and innovative is Multi-factor Authentication (MFA). MFA uses multiple forms of ID to further secure the next login, making it an easy way to improve security.

To find out more about MFA and its benefits, we’ve gathered an extensive list of the essential MFA statistics. According to our extensive research:

• Only 13% of employees at small to medium businesses (SMBs) are required to use MFA, compared to 87% of employees at companies with 10,000+ employees.

• 77% of accounts use SMS (texting) as their two-factor authentication (2FA).

• MFA blocks a whopping 99.9% of modern automated cyberattacks.

• 81% of hacking-related breaches are due to weak/stolen passwords.

General MFA Statistics

MFA has many benefits, but some companies have been slow to adopt it. To find out more about the general state of MFA, here are some key statistics:

• 38% of large organizations still don’t use MFA.

  And the numbers are even worse for SMBs, whom the majority (62%) don’t use MFA either.

• Between 2017-2021, the MFA adoption has increased by over 178%.

  In 2017, only 28% of accounts reported using MFA to secure their information, but as of 2021, that number has skyrocketed to 78% of accounts.

  Year	MFA adoption
  2021	78%
  2019	53%
  2017	28%

• The #1 objective of cyberattacks is to steal sensitive data.

  For example, 91% of all cyberattacks begin with email, as hackers attempt to manipulate or coerce others into disclosing sensitive data.

• 27% of the businesses whose employees use MFA are in the government.

  Businesses in education have the largest share of employees using MFA, at 33%. This is then followed by banking/ finance (32%), telecommunications (31%), and tech/software (27%).

  Industry	Share of businesses who use MFA
  Education	33%
  Banking/finance	32%
  Telecommunications	31%
  Tech/software	27%
  Government	27%

MFA Methods

When it comes to MFA, there are multiple ways businesses, employees, and individuals can confirm their identification. To find out more about the most common and unpopular ways, here are the facts:

• 73% of people believe smartphones are the most convenient MFA method.

  Smartphones are by far the favored MFA method among respondents, with only 17% preferring a built-in authenticator, 5% a smart card, and 5% a U2F security key.

  MFA Method	Percent who think it’s the most convenient
  Smartphone	73%
  Built-in authenticator	17%
  Smart card	5%
  U2F	5%

• 65% of Americans use the same password for multiple accounts.

  See Also

  8 Best Two-Factor (2FA) Authentication Apps to Protect Your Email and Social Media Authentication factor - definition & overview | Sumo Logicmulti-factor authentication - Glossary | CSRCUse Two-factor Authentication to Protect Your Accounts

  This is divided between the 52% of Americans who use the same password across some accounts and the 13% of Americans who use the same password across all of their accounts.

  Password reuse	Share of Americans
  Reuse passwords on all accounts	13%
  Reuse passwords on multiple accounts	52%
  Don’t reuse passwords	35%

• Less than 10% of Google accounts use two-factor authentication.

  Some people find 2FA inconvenient or annoying, but unfortunately, this comes at a cost. The fact is that 2FA reduces Google account hacks by 50%.

MFA Success Rate

MFA is gaining popularity because it’s an easy way to make accounts more secure. For example, here are some key facts about MFA success rates:

• MFA blocks a whopping 99.9% of modern automated cyberattacks.

  Given that personal information like passwords and identification can be somewhat easily hacked and stolen online, being able to prevent 99.9% of automated cyberattacks is remarkably high.

• MFA stops 96% of bulk phishing attempts.

  MFA also has a high success rate in blocking phishing attempts. A total of 25% of all data breaches involve phishing, which highlights how important MFA can be to improve security.

• MFA stops 76% of targeted attacks.

  Targeted attacks are some of the most deadly and difficult-to-stop hacks out there, and luckily, MFA can stop over three out of four of these attacks.

Data Security Issues

As of 2023, we’re all more online than ever before. Unfortunately, this has led to an increase in data security issues. For example:

• Over 50% of people who receive phishing emails are tricked by them.

  A whopping 70% of people open their phishing emails, which is a considerably higher number than the meager 3% who open traditional spam emails.

• 30% of data breaches occur within the healthcare industry.

  The healthcare industry is particularly vulnerable to data security issues, with nearly 50 million Americans having their protected health information breached in 2021 alone.

• 69% of those 18-24 use MFA to protect their data.

  Generally speaking, MFA use decreases considerably with age. For example, those who are 65+ are the least likely to use MFA, at only 33%.

  Age	Share of MFA users
  18-24	69%
  25-34	68%
  35-44	58%
  45-54	49%
  55-64	36%
  65+	33%

Multi-factor Authentication Statistics FAQ

1. How effective is multi-factor authentication?

   Multi-factor is extremely effective, being able to block 99.9% of modern automated cyber-attacks. Overall, MFA is extremely effective in preventing cyber attacks, as it also stops 96% of bulk phishing attempts and 76% of targeted attacks.

   This is because even if a hacker does get a hold of your password or other crucial information, they will still be denied access without additional authentication.

2. How common is multi-factor authentication?

   MFA is somewhat common but also becoming more common by the year. For example, in 2017, only 28% of accounts used MFA, whereas, in 2021, that percentage jumped to 78% (an increase of 178%).

   See Also

   What is Two-Factor Authentication (2FA) and How Does It Work?

   Additionally, an estimated 62% of large organizations use MFA, which is the majority.

3. Can hackers beat multi-factor authentication?

   Yes, hackers can beat MFA, but this process is far more difficult than hacking non-MFA accounts. However, to learn more about the ways hackers can get past MFA security, here are some methods you should know:

   • Social Engineering: This is when hackers attempt to manipulate crucial login information out of potential victims. For example, a hacker might pose as an IT technician and explain to someone that they need an SMS verification code to repair an account.

   • Brute Force: Some hackers try and manage to enter accounts through guessing and other simplistic tactics. Though, this method typically only succeeds with simple MFA methods, such as a 4-digit pin.

   • Exploiting Generated Tokens: when websites rely on authentication apps, such as Microsoft Authenticator and Google Authenticator, the temporary tokens generated can be accessed by hackers. This can put the accounts connected to those authentication codes at serious risk.

   • Session Hijacking: Some hackers can use session cookies to access personal information, even when you log out of a website.

   • SIM Hacking: This is where hackers gain access to and are able to intercept important codes by gaining unauthorized access to someone’s SIM card. Of course, this is mainly an issue for those who use SMS as their main method of MFA.

   In general, hacking will always be an issue online, regardless of whether you use MFA or not. However, as long as you refuse to give personal information to others, MFA does offer a massive boost to your cybersecurity.

4. What are the disadvantages of multi-factor authentication?

   The main disadvantage to MFA is the extra time and money it costs companies to set up. However, this cost could ultimately be considered negligible, as money lost from hacking would far outway the money put into the investment.

   Moreover, other disadvantages cited are simply inconveniences, as some employees find it frustrating to deal with multiple layers of authentication. Again, though, this frustration doesn’t outway the cybersecurity benefits.

5. What is the strongest authentication?

   Passwordless MFA is considered the strongest form of authentication. This includes things like one-time passwords [OTP], registered smartphones, or biometrics (fingerprint, retina scans). All of these are extremely difficult to duplicate or hack.

   Hard Token 2FA authentication also offers high security but requires extensive ongoing maintenance and can be hacked through exploiting generated tokens.

Conclusion

81% of company data breaches are the result of poor passwords, and with many individuals and businesses now concerned about password security, MFA has never looked more appealing. Between 2017-2021 alone, account use of MFA has skyrocketed by 178%.

And there’s a reason why, as MFA is 99.9% effective in preventing modern automated cyberattacks, 96% effective in stopping bulk phishing attempts, and 76% effective in stopping targeted attacks.

All of these facts and more make it clear that MFA is effective in protecting accounts and will likely continue rising in popularity.

References

1. Cyber Readiness Institute – Global Small and Medium-Sized Businesses Slow to Move to More Secure Multi-Factor Authentication Account Access Method, New Cyber Readiness Institute Survey Finds

2. TechRepublic – More companies use multi-factor authentication, but security still weak from poor password habits

3. Health IT Security – Multi-Factor Authentication Blocks 99.9% of Automated Cyberattacks

4. eSecurity Planet – Most Small to Mid-Sized Organizations Don’t Use Multi-Factor Authentication

5. DIW – Enterprises Lag Behind MFA Usage Rates Despite Widespread Consumer Adoption

6. The Healthy Journal – What of attacks start with an email?

7. Statista – Most convenient Multi-Factor Authentication (MFA) methods worldwide in 2021

8. ExtremeTech – Google Says Using Two-Factor Authentication Reduces Account Hacks 50 Percent

9. Rublon – How Does MFA Prevent Account Takeover Attacks?

10. FireEye – Shaping the Future of Cybersecurity

11. SANS – NewsBites Drilldown for the Week Ending 13 November 2020