TL;DR: Password problems are still disrupting employee productivity and pushing users toward workarounds, according to Axiad’s survey of 2,000 US office workers, which found 60% had job interruptions and just under 60% had contacted IT after lockouts. Passwordless only works when authentication is simpler, phishing-resistant, and built around the user experience.
NHIMG editorial — based on content published by Axiad: Say Goodbye to Passwords for Good, Your Employees Will Thank You
By the numbers:
- 60% of US workers we surveyed said problems with passwords have stopped them from doing their jobs.
- Just under 60% also said they had to contact the IT department at their workplace because they were locked out of their computer.
Questions worth separating out
Q: How should security teams reduce password friction without weakening authentication assurance?
A: Security teams should simplify authentication flows, reduce the number of methods users must manage, and make recovery paths consistent.
Q: Why do password-based controls keep causing productivity issues in enterprises?
A: Password-based controls create problems when users must remember too many credentials, recover access repeatedly, or choose between multiple MFA methods.
Q: What breaks when passwordless authentication is deployed without a recovery strategy?
A: The programme breaks at the moment users lose a device, forget enrollment steps, or cannot complete fallback verification.
Practitioner guidance
- Measure password friction as a risk signal: Track lockouts, reset volume, and time lost to authentication failures across employee groups.
- Design passwordless around recovery, not just enrollment: Test fallback paths, lost-device handling, and help desk recovery steps before broad deployment.
- Standardise MFA and credential policy across the estate: Reduce the number of authentication variants employees must understand by aligning policy, reporting, and administration.
What's in the full article
Axiad's full blog post covers the operational detail this post intentionally leaves for the source:
- Survey design and respondent breakdown for the 2,000 US office workers cited in the article
- Axiad's explanation of how passwordless authentication is positioned across people, machines, and digital interactions
- Product-specific details on centralized credential management and reporting that sit beyond this editorial analysis
- The vendor's full reasoning on how phishing-resistant authentication and PKI are packaged together
Passwordless authentication for employees: are your controls ready?
Explore further
Password friction is a governance failure, not just a user complaint. When employees cannot complete work without repeated lockouts, resets, or MFA confusion, they create shadow paths around the control. That is a human identity assurance problem because the control has not been designed around how people actually work. The practitioner conclusion is that authentication governance has to be measured by usable completion, not policy intent.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: How do IAM teams know whether passwordless adoption is actually working?
A: They should look for fewer lockouts, fewer reset requests, shorter time to access, and lower dependence on help desk intervention. Adoption is only successful if the new method is secure and easier for employees to use than the old one. Metrics should show both improved assurance and reduced operational drag.