Organizations Can’t Deploy Passwordless, Declare Victory And Walk Away

ByDavey Winder,

Senior Contributor.

Everyone gets that passwords, hate them or hate them, are a necessary security evil for so many business applications. With automatic password hacking machines, out there and employed by hackers, advice from Google about the dangers of relying on passwords, and even password manager vendors having to warn users not to reveal their master passwords as attackers strike, there has to be something better. The good news is that there is: passwordless technology of the type that Microsoft is encouraging a billion users to adopt. Yet, despite all of this, organizations seem apathetic when it comes to adopting this more secure authentication technology. One security expert has warned that for those businesses that have seen the light, deployed passwordless and declared victory, there’s bad news in store.

The newly published 2026 ID IQ Report from RSA, amongst other things, asked in excess of 2,000 global security experts just how often they had been failed when it came to identity security in the broadest sense. The results do not make for comforting reading, whether you are a security professional, business or customer. 69% of organizations reported a breach due to inadequate identity security capabilities. A majority of businesses indicated they were still using outdated solutions, relying on passwords for authentication. However, 90% reported that their efforts to transition to passwordless technology were stalling because challenges in removing passwords persisted.