Passwordless authentication and identity risk: what IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Password-based authentication problems are stopping 60% of US workers from doing their jobs, while just under 60% have contacted IT after being locked out, according to Axiad’s survey of 2,000 office workers. Passwordless only works when the user journey is simpler than the old one, not when it adds another layer of friction.

NHIMG editorial — based on content published by Axiad: Say Goodbye to Passwords for Good, Your Employees Will Thank You

By the numbers:

Questions worth separating out

Q: How should organisations roll out passwordless authentication without increasing lockouts?

A: Start by mapping enrolment, recovery, and fallback paths before broad rollout.

Q: Why do passwordless programmes fail even when the technology is secure?

A: They fail when the user journey is fragmented.

Q: What do security teams get wrong about multi-factor authentication?

A: They often treat more MFA options as automatically better governance.

Practitioner guidance

  • Map all fallback and recovery paths: Document every route users can take when biometric, device, or authenticator-based login fails, then remove any path that silently reintroduces passwords as the default recovery method.
  • Consolidate MFA policy and support workflows: Reduce confusion by aligning device enrolment, authenticator support, and reset procedures across teams so employees do not need to choose between multiple login systems.
  • Measure adoption with operational signals: Track successful authentication rates, lockout volume, helpdesk contacts, and fallback frequency together so you can distinguish real security gains from simply shifting the burden to IT.

What's in the full article

Axiad's full blog post covers the operational detail this post intentionally leaves for the source:

  • Survey methodology and the 2,000-worker sample breakdown for readers who want the underlying dataset
  • Specific examples of worker frustration around passwords, MFA, and lockout scenarios
  • Axiad Cloud capability details for passwordless deployment, reporting, and credential management
  • The vendor's own explanation of how centralized authentication support is positioned across people and machines

👉 Read Axiad's analysis of passwordless authentication and employee productivity →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Passwordless failure is often an adoption failure, not a cryptographic failure. The article shows that employees bypass controls when the new login path is harder than the old one. That means the real security problem is not whether the method is phishing-resistant, but whether the identity experience is stable enough to survive normal work pressures. Practitioners should treat user friction as a governance signal, not a soft usability concern.

A few things that frame the scale:

A question worth separating out:

Q: What should IAM teams do if passwordless adoption increases helpdesk demand?

A: Treat that as a design issue, not a user problem. Review device readiness, recovery steps, and enrolment clarity, then remove the points where employees get stuck. If helpdesk demand rises, the programme has not achieved usable assurance, and the operational friction is undermining the security case.

👉 Read our full editorial: Passwordless authentication is exposing the limits of legacy IAM



   