It looks like the message about passwords being poor security is (finally) getting through. I’m worried that SMS and email are seen as ‘good’ though…:
The 2021 State of the Auth report, a survey of 1,039 U.S. and U.K. adults, has released information on user perceptions of multi-factor authentication.
The biennial survey conducted by Duo Labs asked respondents about their personal and work use of two-factor authentication (2FA), as well as the forms of 2FA they had previously experienced.
2FA use sees large growth since 2017
Seventy-nine percent of respondents reported using 2FA in 2021, a significant increase compared to the 28% of respondents who used 2FA in 2017, the first year the survey was conducted.
The report asked respondents to rank 2FA methods including SMS, email, mobile passcode, push notification and more. Of the 2FA options, SMS and email ranked highest, with 85.2% of respondents reporting SMS use and 74.3% using email.
Despite the widespread use of 2FA, many users still report inconsistent use of the technology. Around one-third of users reported using 2FA for all applications, while 37.9% only used it for some. The remaining 29.6% reported no use of two-factor authentication.