CISOs Are Racing Toward a Passwordless Future
October marks Cybersecurity Awareness Month, and there’s no better time to take the pulse of the the leaders shaping today’s cybersecurity strategies: CISOs.
We partnered with Wakefield Research to survey 200 security leaders across the U.S.—and the results are both striking and urgent. In our latest CISO Perspectives for 2026 report, one truth stands out above the rest: passwordless authentication is no longer emerging—it’s here.
A tipping point: 92% of CISOs are going passwordless
In 2024, just 70% of CISOs reported that they had plans to implement passwordless authentication. Today, that number has jumped to 92%, with a dramatic shift in urgency.
This isn’t just about checking a security box. The move is being driven by real business impact:
- 52% cite reduced risk of phishing, password reuse, and credential exploits
- 41% report improved productivity due to fewer login failures and reset tickets
- 39% say user experience has improved—a key factor in driving adoption
In short: passwordless is solving real problems across security, operations, and employee satisfaction.
MFA is losing favor—fast
While passwordless gains momentum, multi-factor authentication (MFA) is falling out of favor. 96% of CISOs say MFA can’t keep up with modern threat patterns, and a staggering 98% worry it no longer provides sufficient protection for their employees.
This confidence gap is driven by real-world attacks:
- MFA fatigue is being exploited through push bombing and phishing
- SIM swap and OTP interception techniques are increasingly commoditized
- Sophisticated attackers now target MFA itself, not just passwords
Security teams aren’t abandoning layered defense—but they are rapidly moving away from MFA as a crutch and toward certificate-based, device-bound authentication methods.
The bigger picture: zero trust is operational now
This push toward passwordless is just one chapter in a broader transformation.
Our research shows that:
- 97% of CISOs say NAC is now essential to zero trust
- 94% plan to replace legacy VPNs newer technology by 2027 (and we think Zero Trust Network Access solutions are leading the transition)
- 78% say AI will increase their workload—but that same percentage does not have a plan to handle AI identities in place
The common theme? Security leaders need solutions that reduce risk and friction at the same time. Legacy technologies can’t keep up. And the pressure to adopt scalable, cloud-native, vendor agnostic security platforms is intensifying.
Bottom line: Passwordless authentication is no longer a long-term goal—it’s a near-term mandate for most security teams.
CISOs are moving quickly to reduce identity risk, improve user experience, and move beyond the limitations of traditional MFA. That urgency reflects a broader truth: the foundations of enterprise security are shifting, and the organizations that adapt fastest will be the most resilient.
Stay tuned to this space throughout Cybersecurity Awareness Month as we continue to unpack what today’s security leaders are doing to prepare for what’s next.