Notifications
Clear all
Topic starter
12/06/2026 10:09 pm
TL;DR: Current authentication approaches are failing employees because passwords and fragmented MFA create friction, lockouts, and weaker security, according to Axiad’s interview, with its survey showing 60% of US office workers say authentication has stopped them from doing their jobs. The bigger lesson is that identity programmes must reduce user friction without relaxing assurance.
NHIMG editorial — based on content published by Axiad: Jerome Becquart on why current approaches to authentication are failing employees
By the numbers:
- 60% admitted that authentication processes have stopped them from doing their job.
- Just under 60% also said they had to contact the IT department at their workplace because they were locked out of their computer.
Questions worth separating out
Q: How should security teams implement passwordless authentication without creating user workarounds?
A: Start by simplifying the authenticator set, defining one clear recovery path, and removing duplicate login journeys.
Q: Why do employee authentication problems become security problems so quickly?
A: When authentication is frustrating, people reuse older credentials, delay updates, or ask for exceptions.
Q: What do organisations get wrong about passwordless MFA adoption?
A: They often focus on the factor technology and ignore the operating model around it.
Practitioner guidance
- Measure authentication friction as a security metric Track lockouts, password reset volume, MFA failures, and helpdesk escalations together so you can see where users are being pushed toward workarounds.
- Rationalise MFA methods before expanding passwordless Reduce duplicate authenticator options and define a clear recovery path so employees know which credential to use and where to fix issues.
- Tie passwordless rollout to credential lifecycle controls Make enrolment, device change, revocation, and exception handling part of the same operational process so stronger authentication does not create unmanaged exceptions.
What's in the full article
Axiad's full interview covers the operational detail this post intentionally leaves for the source:
- The specific credential types Axiad says enterprises can standardise across people and machines.
- How its Airlock approach is described for enforcing authentication directives before users regain full access.
- The survey findings behind the employee frustration and lockout statistics mentioned in the interview.
- The wider product and deployment context around passwordless authentication and PKI in regulated environments.
👉 Read Axiad's interview on passwordless authentication and employee identity →
Passwordless authentication and employee identity: what teams need to know?
Explore further
13/06/2026 12:44 am
Password friction is not a usability side issue. It is an identity control failure. When employees cannot complete authentication cleanly, they route around policy by reusing older credentials, delaying enrolment, or escalating to IT for exceptions. That turns the access layer into a productivity bottleneck and a security bypass channel. The implication is that identity programmes should treat user friction as a measurable security exposure, not a helpdesk nuisance.
A few things that frame the scale:
- 68% of organisations do not know how to fully address NHI risks, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why identity programmes that expand beyond human login flows need governance discipline, not just better authentication.
A question worth separating out:
Q: Who should own passwordless authentication across IAM, IGA, and PAM teams?
A: Ownership should sit with the identity governance function, but implementation must be shared across IAM, IGA, and PAM because authentication, enrolment, revocation, and exception handling touch all three. Treat passwordless as a programme, not a point solution. That keeps policy consistent across user access, privileged access, and credential lifecycle management.
👉 Read our full editorial: Passwordless authentication exposes the limits of current employee identity
