
Authentication complexity is still slowing passwordless adoption for enterprises


(@nhi-mgmt-group)
Member Moderator

TL;DR: A survey of 252 U.S. security and IT executives found that 86% plan to implement passwordless authentication within 12 months or already have, but 70% are overwhelmed by authentication complexity and 42% cite lack of visibility across practices, according to Axiad. Passwordless only reduces risk when identity architecture, governance, and user experience are aligned.

NHIMG editorial — based on content published by Axiad: Don’t Let Underlying IT Complexity Block Your Road to Successful Authentication

Questions worth separating out

Q: How should security teams implement passwordless authentication without creating new bypasses?

A: Start by mapping every login, recovery, and exception path, then remove any route that lets users fall back outside central policy.

Q: Why does authentication complexity create security risk for IAM programmes?

A: Complexity creates risk because it fragments control ownership, weakens visibility, and makes policy enforcement inconsistent across systems.

Q: How do teams know if passwordless authentication is actually working?

A: Look for lower reliance on password fallback, fewer support-driven recoveries, consistent enforcement across all business units, and reduced user pressure to bypass controls.

Practitioner guidance

  • Inventory every authentication path: Document primary, fallback, and recovery methods across all applications and identity stores so teams can see where inconsistent authentication policies exist today.
  • Eliminate local exceptions that create bypasses: Review business-unit and application-specific exemptions, then retire any exception that lets users bypass approved authentication policy without central approval.
  • Measure friction and support burden together: Track help-desk resets, fallback use, and user complaints as one control health indicator so passwordless adoption does not silently increase workarounds.

What's in the full article

Axiad's full blog post covers the operational detail this post intentionally leaves for the source:

  • Survey breakdown by authentication challenge, including the split between complexity, visibility, and phishing pressure.
  • Practical guidance on integrating existing authentication tooling instead of replacing it outright.
  • Discussion of how automation can reduce certificate and reset administration effort in real IAM environments.
  • The article's view on balancing usability with security so users do not route around controls.

👉 Read Axiad's analysis of authentication complexity and passwordless adoption →
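The practitioner guidance above describes a three-step procedure (inventory every authentication path, retire unapproved exceptions, measure fallback and support burden together). The following is an added illustration of how an IAM team might encode that procedure as a repeatable audit; it is not code from Axiad or NHIMG. The inventory schema, the policy sets `PHISHING_RESISTANT` and `WEAK_FALLBACK`, the method names, and the sample login events and help-desk tickets are all constructed for this example and would need to be replaced with an organisation's own data and policy.

```python
"""Audit an authentication-path inventory for policy bypasses and fallback reliance.

Added example for illustration only; not Axiad's or NHIMG's code. The inventory
format, policy constants, sample login events and tickets are all constructed.
"""
from collections import Counter
from dataclasses import dataclass

# Methods the (assumed) central policy treats as phishing-resistant.
PHISHING_RESISTANT = {"fido2", "passkey", "x509-cert"}

# Methods that, when reachable as fallback or recovery, let a user step back to
# password-class assurance. Each one must carry a central exception to remain.
WEAK_FALLBACK = {"password", "sms-otp", "email-link", "security-questions"}


@dataclass(frozen=True)
class AuthPath:
    """One application's login surface: primary, fallback and recovery routes."""
    app: str
    business_unit: str
    primary: str
    fallback: tuple = ()
    recovery: tuple = ()
    approved_exceptions: frozenset = frozenset()  # weak methods centrally signed off


def find_bypasses(inventory):
    """Return {app: sorted weak methods} reachable without a central exception."""
    findings = {}
    for path in inventory:
        reachable = set(path.fallback) | set(path.recovery)
        unapproved = (reachable & WEAK_FALLBACK) - path.approved_exceptions
        if unapproved:
            findings[path.app] = sorted(unapproved)
    return findings


def fallback_rate(events, app):
    """Share of successful logins to `app` that used a non-phishing-resistant method."""
    logins = [e for e in events if e["app"] == app and e["result"] == "success"]
    if not logins:
        return 0.0
    weak = sum(1 for e in logins if e["method"] not in PHISHING_RESISTANT)
    return weak / len(logins)


def control_health(inventory, events, tickets):
    """One row per app combining fallback rate, reset tickets and bypass findings."""
    bypasses = find_bypasses(inventory)
    resets = Counter(t["app"] for t in tickets if t["type"] == "credential-reset")
    report = {}
    for path in inventory:
        report[path.app] = {
            "business_unit": path.business_unit,
            "fallback_rate": round(fallback_rate(events, path.app), 2),
            "resets": resets.get(path.app, 0),
            "unapproved_bypass": bypasses.get(path.app, []),
        }
    return report


# Constructed inventory: three apps with differing fallback and recovery routes.
INVENTORY = [
    AuthPath("payroll", "finance", "passkey", fallback=("password",), recovery=("email-link",)),
    AuthPath("vpn", "corp-it", "x509-cert", fallback=("fido2",), recovery=("helpdesk-reissue",)),
    AuthPath("crm", "sales", "fido2", fallback=("sms-otp",), recovery=("sms-otp",),
             approved_exceptions=frozenset({"sms-otp"})),
]

# Constructed login log (one record per attempt).
EVENTS = [
    {"app": "payroll", "method": "passkey", "result": "success"},
    {"app": "payroll", "method": "password", "result": "success"},
    {"app": "payroll", "method": "password", "result": "success"},
    {"app": "payroll", "method": "password", "result": "failure"},
    {"app": "vpn", "method": "x509-cert", "result": "success"},
    {"app": "vpn", "method": "fido2", "result": "success"},
    {"app": "crm", "method": "fido2", "result": "success"},
    {"app": "crm", "method": "sms-otp", "result": "success"},
]

# Constructed help-desk tickets.
TICKETS = [
    {"app": "payroll", "type": "credential-reset"},
    {"app": "payroll", "type": "credential-reset"},
    {"app": "crm", "type": "access-request"},
]

if __name__ == "__main__":
    for app, row in control_health(INVENTORY, EVENTS, TICKETS).items():
        print(app, row)
```

In this constructed data the payroll app is the one that would worry an IAM team: its fallback and recovery routes both land on weak methods with no central exception, two thirds of its successful logins bypass the passkey, and it generates the reset tickets. The CRM app also uses SMS OTP, but because the exception is centrally recorded it shows up as approved rather than as a bypass, which is the distinction the second guidance bullet draws.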

(@mr-nhi)
Member Moderator
 

Authentication complexity is a governance failure before it is a technology problem. The article’s core signal is not that passwordless is unpopular, but that fragmented estates make assurance hard to maintain. When multiple silos, inconsistent policies, and uneven recovery paths coexist, identity teams lose the ability to govern one authentication standard across the enterprise. The practical conclusion is that authentication architecture must be simplified before passwordless can be trusted at scale.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations, including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.

A question worth separating out:

Q: What should IAM leaders do when users keep bypassing authentication controls?

A: Treat bypass behaviour as evidence that the control design is misaligned with user reality. Revisit recovery steps, device trust requirements, exception policy, and support processes before adding more enforcement. If users can work around the process easily, the organisation has a governance problem, not just an adoption problem.

👉 Read our full editorial: Authentication complexity is blocking passwordless adoption, survey finds
