We live in a time of digital paradox. On the one hand, threat awareness has never been higher and multi-factor authentication (MFA) has become a standard in the corporate vocabulary. On the other hand, recent data suggests that Europe is starting to get technologically breathless, while other regions of the world, led by Asia, are running ahead. Is our sense of security false?
Just a few years ago, implementing any form of MFA in a company was something to be proud of and ticked off a key point in a security audit. Today, looking at market reports – including the latest data published by Okta – it is clear that the mere presence of a ‘second component’ is not enough. The game is no longer about whether we secure identities, but how we do it and whether we don’t cripple the business in the process.
A glass 70% full (or 30% empty)
The data is unforgiving, but also food for thought. According to Okta’s analysis, around seventy per cent of employees now use additional security queries when logging in. At first glance, this is a solid result, indicative of the maturity of the market. However, in cyber security, the principle of the weakest link applies. This means that almost one in three employees is still logging into company resources ‘the old way’, providing an open gateway for cyber criminals. This unprotected 30 per cent attack surface is, in today’s reality, an invitation to disaster.
Interestingly, there is a clear sectoral stratification. The technology sector has done its homework in an exemplary fashion, with an MFA usage rate of around ninety per cent. Significant progress can also be seen in trade. However, other sectors, often key to the economy, still have a lot of catching up to do. For IT integrators and solution providers, the conclusion is clear: the market is not saturated. It is simply unevenly developed.
The end of SMS. Time for quality
Another, perhaps the most important conclusion to be drawn from the analysis of current trends is the twilight of simple verification methods. Hackers are not sleeping and have learned to bypass basic security. Attacks such as MFA fatigue (fatiguing the user with constant notifications until they finally click ‘yes’) or sophisticated phishing mean that the SMS code is no longer a sufficient firewall.
The market is responding dynamically to this. We are seeing a surge in the popularity of phishing-resistant methods. Solutions such as WebAuthn, FastPass and physical smart cards (Smart Cards) are seeing record increases in deployments – some have doubled their presence in just one year.
This sends a clear message to the industry: offering customers ‘any’ MFA is now a half-measure. The modern standard is cryptographic methods that make it physically impossible for a fake login page to take over a session. SMS is slowly becoming a thing of the past, becoming a declining technology in terms of corporate security.
Europe needs a boost
Here we come to the most worrying point. While globally the adoption of modern authentication methods is accelerating, Europe seems to be losing momentum. The Asia-Pacific region currently boasts the highest growth rate. On the old continent, growth rates are lower, more conservative.
Why is this happening? Experts suggest that the European market is largely waiting for a ‘whip’ in the form of regulation. Okta points out that the region’s potential can be unlocked by binding specifications and clearly defined safety targets. While others innovate under the pressure of the market and competition, we often wait for the guidance of directives (such as NIS2).
It is a reactive approach that needs to change. Companies in Europe are increasingly beginning to understand that authentication is not just a compliance requirement, but a strategic business indicator. Introducing clear internal policies and treating digital identity as a cornerstone of IT architecture is the only way not to fall behind global competitors.
The myth of slow login finally debunked
The most common ‘against’ argument that salespeople and IT implementers hear is concern about user comfort. “Let’s not add security because people won’t be able to work and logging in will take ages” is the key phrase that blocks many investments.
Meanwhile, the data shows the exact opposite. Security and ease of use (UX) are no longer mutually exclusive values. Modern phishing-proof procedures, based on biometrics or hardware keys, drastically reduce login times compared to the laborious transcription of codes from an SMS.
What’s more, teams that have implemented these solutions record significantly fewer helpdesk calls related to password resets. By early 2025, the vision of ‘passwordless’ – working completely without passwords at the enterprise level – has become realistic. It is no longer futurology, it is a measurable saving of time and money.
