Yubico, the creator of the most secure passkeys and leading provider of hardware authentication security key, has officially published the results from its latest annual Global State of Authentication survey.
Going by the available details, this particular survey was conducted by Talker Research, taking into account more than 18,000 employed adults across 9 countries including Australia, France, Germany, India, Japan, Singapore, Sweden, the United Kingdom, and the United States. More on that would reveal how this exercise explored individuals’ cybersecurity habits in both their workplace and personal lives.
Not just that, it also examined the dangers of weak security practices, while simultaneously assessing the growing concerns around new-age technologies like Artificial Intelligence (AI) and their implications for both organizational and individual security.
“Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organizations appear slow to adopt security best practices,” said Ronnie Manning, chief brand advocate, Yubico. “It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44% of survey respondents said they have interacted with a phishing message in the last year.”
As for the results, they begin by revealing that 44% of all participants admitted to having interacted with a phishing message in the last year. From that lot, Gen Z stands out as the most susceptible demographic to phishing, with 62% reporting (i.e. clicking a link, opening an attachment, etc.) a engagement phishing scam in the last one year, significantly higher than other age groups.
Next up, we must take into account how 70% were found to believe phishing attempts have become more successful due to the use of AI, whereas on the other hand, 78% believed they have become more sophisticated. When shown a phishing email, 54% either believed it was an authentic message written by a human or were simply unsure about its nature.
To further expand the awareness part, there were no significant differences between generations in being able to correctly recognize the phishing attempt (Gen Z 45%, millennials 47%, Gen X and baby boomers, both 46%), indicating that no group is exempted from needing extra cyber-caution in the age of AI.
Moving on, no more than 48% of respondents said their company uses MFA across all apps and services and 40% reported never having received cybersecurity training from their employer. Alongside that, we have a contingent of 29% respondents who still don’t have MFA set up for their personal email accounts despite the fact they are used to login to their most critical online assets
Another detail worth a mention relates to how, even though there remains low confidence in usernames and passwords (only 26% consider them to be the most secure), the said medium remains the most common authentication method, considering it is currently being used by 56% for work accounts and 60% for personal accounts.
Hold on, we still have a few bits left to unpack, considering we haven’t yet touched upon how concerns about AI’s tendency to compromise security have witnessed a steep rise over the recent past. You see, in US, these concerns were reported by 77% of the surveyed population in 2025, as compared to 61% back in 2024.
Against that, confidence in advanced authentication methods was found to be on the up, particularly in the use of hardware security keys and device bound passkeys. For better understanding 34% US-based respondents identified hardware security keys/passkeys as the most secure option, up from 18% last year (16-point increase).
Founded in 2007, Yubico’s rise up the ranks stems from YubiKey, which happens to be an industry-leading passkey. The company’s excellence in what it does can also be understood once you consider its passkey technology is currently serving people and organizations in over 160 countries
“As cyber threats become more sophisticated, the good news is the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world,” said Manning. “Both individuals and organizations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just a “nice to have” and has quickly become essential for staying secure in our rapidly changing digital landscape.”
