TL;DR: A 2022 Authentication Survey of 252 U.S. security and IT executives found 86% plan to implement passwordless or already have, while 70% say authentication complexity overwhelms them, according to Axiad. That gap shows authentication programmes still fail when architecture, visibility, and user experience are treated separately.
NHIMG editorial — based on content published by Axiad: Don’t Let Underlying IT Complexity Block Your Road to Successful Authentication
By the numbers:
- An overwhelming 86% told us they plan to implement a passwordless strategy in the next 12 months, or already have done so.
- 70% of survey respondents said they are overwhelmed by the complexity of their authentication systems.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should teams roll out passwordless authentication without creating new bypass risks?
A: Start with the authentication paths that create the most friction and operational inconsistency, then simplify the control model before broad rollout.
Q: Why does authentication complexity increase security risk even when controls are stronger?
A: Complexity increases risk because strong controls do not help if they are applied inconsistently across silos, legacy systems, and recovery paths.
Q: What signals show that a passwordless programme is not working in practice?
A: Rising helpdesk volume, repeated fallback use, excess admin effort, and growing exception requests are all signs that the programme is fragile.
Practitioner guidance
- Inventory every authentication path: Document primary login flows, step-up paths, recovery processes, and application-specific exceptions so you can see where the same user is being authenticated in different ways.
- Reduce authentication silos before expanding passwordless: Consolidate duplicated directories, authentication policies, and admin workflows where possible.
- Measure friction as a security metric: Track helpdesk calls, reset volume, fallback usage, and bypass requests alongside authentication success rates.
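One way to turn the inventory and friction guidance above into a repeatable check, as an added example that is not from Axiad or the original post. The event fields (`user`, `app`, `method`, `path`, `ok`), the sample events, and the 25% fallback threshold are assumptions chosen for illustration; map them to whatever your identity provider actually logs.

```python
from collections import defaultdict

# Constructed sample authentication events (not real data).
EVENTS = [
    {"user": "alice", "app": "sso", "method": "fido2", "path": "primary", "ok": True},
    {"user": "bob", "app": "sso", "method": "fido2", "path": "primary", "ok": True},
    {"user": "carol", "app": "sso", "method": "fido2", "path": "primary", "ok": False},
    {"user": "carol", "app": "sso", "method": "otp", "path": "fallback", "ok": True},
    {"user": "alice", "app": "legacy-erp", "method": "password", "path": "fallback", "ok": True},
    {"user": "bob", "app": "legacy-erp", "method": "password", "path": "fallback", "ok": True},
    {"user": "dave", "app": "legacy-erp", "method": "password", "path": "primary", "ok": True},
]

# Paths that count as friction: the user did not complete the primary flow.
FRICTION_PATHS = {"fallback", "recovery"}


def friction_report(events, fallback_threshold=0.25):
    """Return (per-app metrics, users authenticated by more than one method)."""
    per_app = defaultdict(lambda: {"total": 0, "ok": 0, "fallback": 0})
    paths_by_user = defaultdict(set)
    for e in events:
        stats = per_app[e["app"]]
        stats["total"] += 1
        stats["ok"] += int(e["ok"])
        stats["fallback"] += int(e["path"] in FRICTION_PATHS)
        paths_by_user[e["user"]].add((e["app"], e["method"]))

    apps = {}
    for app, s in per_app.items():
        fallback_rate = s["fallback"] / s["total"]
        apps[app] = {
            "success_rate": s["ok"] / s["total"],
            "fallback_rate": fallback_rate,
            # Assumed threshold: flag apps where fallback use exceeds it.
            "fragile": fallback_rate > fallback_threshold,
        }

    # Inventory view: the same user authenticated in different ways.
    inconsistent = {
        user: sorted(pairs)
        for user, pairs in paths_by_user.items()
        if len({method for _, method in pairs}) > 1
    }
    return apps, inconsistent


if __name__ == "__main__":
    apps, inconsistent = friction_report(EVENTS)
    for name, metrics in sorted(apps.items()):
        print(name, metrics)
    for user, pairs in sorted(inconsistent.items()):
        print(user, pairs)
```

Tracking the flagged apps and the per-user method sets over time shows whether fallback use is shrinking as silos are consolidated or growing as exceptions accumulate.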
What's in the full article
Axiad's full research covers the survey detail this post intentionally leaves at the strategy level:
- The full breakdown of survey responses by challenge area, including complexity, visibility, phishing, and ransomware.
- Practical guidance on integrating existing authentication tools instead of replacing them wholesale.
- The detailed friction and administration findings that support rollout planning and internal business cases.
- Survey context on how executives view authentication as part of risk management rather than a standalone IT issue.
Authentication complexity and passwordless adoption: where teams get stuck?
Explore further
Authentication complexity is a governance failure, not just an implementation nuisance. The article shows that 70% of respondents are overwhelmed by authentication complexity while 42% cite a lack of visibility across practices. That combination means the control plane is already fragmented before any passwordless migration begins. The practitioner conclusion is that authentication governance has to be redesigned as a system, not patched product by product.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
A: If authentication paths are fragmented, visibility is poor, and support effort is already high, stabilising the current environment comes first. Modernisation without simplification usually adds another layer of inconsistency. Teams should fix the control plane, then scale passwordless where the operating model can support it.