Two-factor authentication statistics

With the rise in cybercrime and cybersecurity tactics attempting to keep up with the sophisticated attacks used by cybercriminals today, two-factor authentication has never been more important as a way of keeping your accounts away from the clutches of attackers.

While tactics like changing your Google password and other services are a good start, using a physical security key, requiring a time-sensitive code sent by SMS, or using an authenticator app adds an extra layer of security between you and an attacker.

Do you remember a time when facial recognition, fingerprint scanning, and other biometrics were the type of advanced tech you’d only see in a 007 movie? No? Me neither. I struggle to recall when a password was enough to keep your accounts safe from hackers looking to steal or exploit your information.

2FA (two-factor authentication) is becoming more widely used as users realize the hacking potential for accounts that use passwords alone. In this article, you’ll find some interesting and shocking statistics related to two-factor authentication.

1. Two-factor authentication became mandatory for 150 million Google users in 2021

By the end of 2021, Google auto-enrolled 150 million users into using two-factor authentication to access their accounts. As reported by 9to5 Google, the move saw a 50% decline in compromised accounts. This huge achievement speaks volumes about the positive impact 2FA can have on a login process versus using a traditional username and password to authenticate.

2. Google authenticator can provide up to 100% protection from automated cyberattacks

Google’s account authentication and best practices report shows that multifactor authentication almost eliminates the possibility of your account being hacked. Even if a hacker were to obtain your username and password, they’d need access to your device with the authenticator app installed, making it near impossible to complete the login process. That’s not to say you should let your guard down for instances of account takeover fraud, as more sophisticated attacks may penetrate the 2FA line of defense.

3. $18.8 billion was spent on recovery costs by the American government in 2020

American City and County reported the average impact of downtime and recovery following a cyberattack. External and internal threats to government employee accounts are minimized using 2FA to limit the chances of phishing attacks and account hacking.

4. The technology industry is the most likely sector to use multifactor authentication

In 2021, LastPass found that businesses in the technology and software industry were the most proactive in using MFA, with 39% of respondents stating they were already using it. Education closely followed with 33%, but worryingly, the industries that handle some of the most sensitive customer data – legal and insurance had much less uptake of MFA, both with 20% of employees using the authentication method.

Lastpass state of the password 2021 2FA by industry
Source: LastPass

5. eCommerce retailers face 206,000 cyberattacks each month

Signal Sciences reports that data breaches and cyberattacks in the eCommerce industry are rising. The average cost of recovery from eCommerce fraud was set to reach $6.4 billion by 2021.

6. 61% of people reuse the same password across multiple accounts

A password manager makes life much simpler if you have trouble remembering passwords. To avoid your account being hacked, it’s generally good practice to use a different password for each account you use. If a hacker guesses one password correctly, chances are they can use the same login credentials to log in to your account on other services. Unfortunately, LastPass reports that over half of us recycle the same password across multiple accounts.

7. Two-factor authentication uptake on Twitter is shocking

In Twitter’s 2021 transparency report, the social media giant revealed that its two-factor authentication method uptake is surprisingly low. In fact, in its reporting period between July and December 2020, a meager 2.5% of users adopted 2FA, a rise of 8.7%.

Twitter 2FA 2021 usgae
Source: Twitter transparency report 2021

8. Most users of Twitter 2FA use the SMS method

The Twitter report continued, showing that 77% of users who adopt two-factor authentication use SMS, 30.1% use an authenticator app, and just 0.5% use a security key.

Twitter 2FA SMS 2021
Source: Twitter transparency report 2021

9. 2FA (two-factor authentication) usage is higher in the UK than in the US

A 2021 state of the auth report from Duo Labs found that adoption of two-factor authentication in the US is lower compared to the United Kingdom. 399 of 520 respondents (77%) from the UK said they use 2FA, whereas 350 of 519 of those surveyed from the US (67%) said they use this method.

Stae of the auth UK vs US 2021
Source: Duo Labs

10. Employed users adopt 2FA more than unemployed users

Stae of the auth employed vs unemployed 2021
Source: Duo Labs

Duo Labs’ report revealed an interesting finding: people who are employed (79% of users) embrace the safety of 2FA versus 60% of unemployed users.

11. Banking and investing is the most critical account type protected by 2FA

Duo Labs reports that the most concerning industry were it to be hacked would be related to finance – backed by 93% of respondents. Email and social media were the following most essential categories with 58% and 40% of responses, respectively.

State of the auth 2021 most critical category
Source: Due Labs

12. Global MFA uptake is on the rise

LastPass reported a rise of twelve percentage points on the previous year (2020), taking the global uptake figure of businesses using multifactor authentication to 57%.

13. Software-based authenticators are most used by businesses

95% of businesses using 2FA in 2021 employed software-based solutions like a mobile app. This may be due to the low-cost implications associated with software-based authenticators. Only 1% of respondents used hardware-based authentication, such as a physical token, while 4% of employees said they use biometrics, such as facial recognition or fingerprint, LastPass reports.

Lastpass state of the password 2021 2FA auth types
Source: LastPass

14. High-risk accounts face mandatory 2FA

Facebook reported in December 2021 that high-risk accounts such as human rights activists and government officials would need to switch to using two-factor authentication. As reported by TechCrunch, Facebook 2FA is now enabled on over 1.5 million accounts.

15. Microsoft Authenticator records 75 million installations

According to a recent report by Redmondmag, Microsoft Authenticator has seen a spike in active users since offering a password generator feature. The app, available for iOS and Android, now boasts a user base of over 75 million installations.