SANTA CLARA, CALIF. & STOCKHOLM -- Amid growing uncertainty around AI and a surge in cybersecurity breaches, Yubico (NASDAQ STOCKHOLM: YUBICO) - the creator of the most secure passkeys and leading provider of hardware authentication security keys - has released the findings of its annual Global State of Authentication survey, just in time for October’s Cybersecurity Awareness Month.

Yubico's chief brand advocate, Ronnie Manning, breaks down the results of the 2025 Global State of Authentication survey
Commissioned by Yubico and conducted by Talker Research, the survey gathered insights from 18,000 employed adults across 9 countries including Australia, France, Germany, India, Japan, Singapore, Sweden, the United Kingdom, and the United States. The survey explored individuals’ cybersecurity habits in both their workplace and personal lives. It also examined the dangers of weak security practices, and evaluated the growing concerns around emerging technologies like Artificial Intelligence (AI) and their implications for both organizational and individual security.

“Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organizations appear slow to adopt security best practices,” said Ronnie Manning, chief brand advocate, Yubico. “It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44% of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education and action must go hand-in-hand.”

The survey revealed a growing disconnect between how secure is perceived and what actual cybersecurity habits are, particularly around password use and MFA. At the same time, concern over AI-driven threats is rising sharply, and trust in hardware-based authentication methods, like security keys and passkeys, is steadily increasing, especially in the UK and the US.

Key global findings include:

·44% of all participants admitted to having interacted with a phishing message in the last year, an alarming indicator of continued vulnerability to social engineering attacks.
-Gen Z stands out as the most susceptible demographic to phishing, with 62% reporting engagement (i.e. clicking a link, opening an attachment, etc.) with a phishing scam in the past year, significantly higher than other age groups.
·70% believe phishing attempts have become more successful due to the use of AI, and 78% believe they have become more sophisticated.
·In fact, when shown a phishing email, 54% either believed it was an authentic message written by a human or were unsure.
-Interestingly, age did not seem to play a role in awareness, as there were no significant differences between generations in being able to correctly recognize the phishing attempt (Gen Z 45%, millennials 47%, Gen X and baby boomers, both 46%), highlighting the fact that no group is exempt from needing extra cyber-caution in the age of AI.
·Only 48% of respondents said their company uses MFA across all apps and services, and 40% reported never having received cybersecurity training from their employer.
·Despite low confidence in usernames and passwords (only 26% consider them to be the most secure), they remain the most common authentication method: used by 56% for work accounts and 60% for personal accounts.
·29% of respondents still don’t have MFA set up for their personal email accounts even though they are used to login to their most critical online assets, including:
-Social media accounts (47%)
-Banking services (41%)
-Mobile phone carriers (34%)

When compared to last year’s 2024 Global State of Authentication survey from Yubico, the 2025 edition reveals significant year-over-year shifts in user behavior and perceptions across key markets.

·In France, one of the most remarkable developments was the sharp increase in the adoption of multi-factor authentication (MFA) for personal accounts.
-Usage jumped from 29% in 2024 to 71% in 2025, marking a 42-percentage point surge.
-This suggests a major improvement in personal cybersecurity practices among French users and growing acceptance of more secure login methods.
·AI has emerged as a growing area of concern globally, with marked increases in apprehension about its potential to compromise the security of both personal and business accounts.
-Japan: 31% concerned in 2024 vs. 74% in 2025 (43 percentage point increase).
-Sweden: 37% concerned in 2024 vs. 68% in 2025 (31 percentage point increase).
-UK: 61% concerned in 2024 vs. 81% in 2025 (20 percentage point increase).
-US: 61% concerned in 2024 vs. 77% in 2025 (16 percentage point increase).
·Meanwhile, confidence in advanced authentication methods is growing, particularly in the use of hardware security keys and device bound passkeys.
-In the UK, 37% of respondents now believe these tools are the most secure authentication methods, up from 17% in 2024, a 20-point increase.
-The U.S. reflected similar growth, with 34% identifying hardware security keys/passkeys as the most secure option, up from 18% last year (16-point increase).

“As cyber threats become more sophisticated, the good news is the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world,” said Manning. “Both individuals and organizations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just a “nice to have” and has quickly become essential for staying secure in our rapidly changing digital landscape.”