Yubico, the creator of secure passkeys and leading provider of hardware authentication security keys, has published findings from its annual Global State of Authentication survey, timed for Cybersecurity Awareness Month in October. Commissioned by Yubico and conducted by Talker Research, the study of 18,000 employed adults across nine countries highlights a disconnect between perceived and actual cybersecurity habits, rising AI-driven threats, and increasing trust in phishing-resistant methods like YubiKeys.
The survey exposes complacency in personal and workplace security, with phishing as a persistent vulnerability. Despite 44% encountering phishing attempts, only 54% correctly identified a sample email as fake, showing no generational edge—Gen Z at 45%, millennials at 47%, and older groups at 46%. This underscores the need for phishing-resistant authentication amid AI-enhanced social engineering. “Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organizations appear slow to adopt security best practices,” said Ronnie Manning, chief brand advocate, Yubico. “It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44% of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education and action must go hand-in-hand.”
AI concerns have surged, with 70% seeing it boost phishing success and 78% noting sophistication gains. Year-over-year, apprehension rose sharply: Japan from 31% to 74%, Sweden from 37% to 68%, UK from 61% to 81%, and US from 61% to 77%. Yet, trust in hardware keys and device-bound passkeys grows, especially in the UK (37%, up 20 points from 2024) and US (34%, up 16 points). MFA lags organizationally, with just 48% full coverage and 40% without training, while 29% skip it for personal email—gateway to critical services. France bucks trends, with personal MFA adoption leaping 42 points to 71%.
Weak habits like password reliance (56% work, 60% personal) expose risks, despite low confidence. The survey calls for integrated education and advanced MFA to counter AI threats. “As cyber threats become more sophisticated, the good news is the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world,” said Manning. “Both individuals and organizations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just a “nice to have” and has quickly become essential for staying secure in our rapidly changing digital landscape.”
Yubico’s 2025 survey urges immediate action on phishing-resistant tools and training, bridging personal complacency and organizational delays to fortify digital defenses against AI-augmented risks.
Yubico (Nasdaq Stockholm: YUBICO) is a modern cybersecurity company on a mission to make the internet safer for everyone. As the inventor of the YubiKey, we set the gold standard for modern phishing-resistant, hardware-backed authentication, stopping account takeovers and making secure login simple.
Since 2007, we’ve helped shape global authentication standards, co-created FIDO2, WebAuthn, and FIDO U2F, and introduced the original passkey. Today, our passkey technology secures people and organizations in over 160 countries—transforming how digital identity is protected from onboarding to account recovery.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.