Corporate Security Risks and the Shift Toward Passwordless Authentication
A new report from password manager 1Password highlights that weak or compromised passwords remain a significant security risk for organizations, with employee password practices worsening despite increased awareness. Survey data from over 5,000 workers across multiple countries reveals that a majority of employees, including IT professionals, continue to reuse passwords, rely on default credentials, or share passwords via insecure channels, exacerbating the threat landscape for businesses. The report underscores that even as companies move toward passwordless authentication, the transition is gradual and current credential management practices are not keeping pace with evolving threats.
In response to these challenges, technology vendors are accelerating the adoption of passwordless solutions. Microsoft has released Edge version 142.0, introducing cross-platform passkey synchronization, allowing users to securely reuse passkeys across devices and browsers. This feature, which requires a dedicated PIN for access, aims to enhance both security and usability, reducing reliance on traditional passwords. The move reflects a broader industry trend toward passkeys and multi-factor authentication as default options, with major platforms like Google and Meta also embracing passwordless technologies to mitigate the risks associated with password-based authentication.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft Edge 142 rolls out cross-platform passkey sync
Microsoft released Edge 142 with support for syncing passkeys across platforms, marking a product step toward broader passwordless authentication adoption.
Guidance published on reducing password-related business risk
Articles published by ZDNet outlined steps for organizations to address password-related security risk and prepare for a passwordless future, reflecting industry guidance rather than a separate incident.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
How to prep your company for a passwordless future - in 5 steps
zdnet.com
Open sourcePasswordless Future: Microsoft Edge 142 Rolls Out Cross-Platform Passkey Sync
securityonline.info
Open source5 steps to fixing your business's top security risk
zdnet.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Challenges and Progress in Enterprise Passwordless Authentication
Enterprises are increasingly adopting passwordless authentication methods such as biometrics, passkeys, and security keys to enhance security and reduce the risks associated with traditional passwords. However, widespread implementation remains difficult, particularly for legacy systems, operational technology, and specialized applications that were never designed for anything other than passwords. Security leaders report that while most organizations can cover the majority of their threat landscape with passwordless solutions, the final 15%—often the most critical and legacy-dependent systems—remains resistant to change, creating operational and security challenges. Major technology providers like Google are actively promoting passwordless authentication, urging users to adopt passkeys and stronger authentication tools in response to increasingly sophisticated phishing and vishing attacks. Despite these efforts, the transition is hampered by technical, operational, and user experience hurdles, and attackers are exploiting gaps between multiple authentication systems. The push for a passwordless future is ongoing, but experts caution that full adoption may never be realized, and organizations must remain vigilant against evolving credential-based threats.
Jun 30, 2026
Passwordless Authentication and Passkey Adoption for Fraud Prevention
Microsoft has begun rolling out support for syncing passkeys across Windows devices and its Edge browser, addressing a key barrier to widespread adoption of passwordless authentication. This phased rollout starts with Edge on Windows 10 and 11, with plans to expand to iOS, Android, and MacOS, aiming to make passkey management seamless for users and organizations. The move is expected to accelerate the shift away from traditional passwords, leveraging the FIDO Alliance's non-phishable passkey standard to enhance security and usability across platforms. Industry experts highlight that passwordless authentication is not just a technological upgrade but a critical component in modern fraud prevention strategies. As organizations transition to passkeys and device-based authentication, they face challenges such as cross-device access and user education. Integrating behavioral analytics with passwordless systems is seen as essential for detecting sophisticated fraud attempts, including those involving AI-driven identity spoofing and deepfakes, ensuring both external and internal threats are mitigated effectively.
Jun 30, 2026
Advancements in Passwordless Authentication and Identity Security
Organizations are increasingly moving towards passwordless authentication methods, with technologies such as passkeys and device identity gaining traction as more secure alternatives to traditional passwords and multi-factor authentication (MFA). Passkey authenticators, often integrated into password managers or as standalone components, play a critical role in enabling seamless and secure login experiences by leveraging new standards and cryptographic techniques. Device identity further enhances security by binding credentials to hardware, making authentication resistant to phishing and social engineering attacks, while also improving user experience by reducing prompt fatigue and streamlining access to applications and networks. The identity security market is also witnessing strategic acquisitions, such as Ping Identity's purchase of Keyless, which aims to integrate privacy-preserving biometric authentication for frontline workers and address emerging threats like deepfakes. These moves reflect a broader industry trend towards comprehensive identity lifecycle management, resilience against AI-driven threats, and scalable support for both human and machine identities. As economic constraints limit large-scale mergers, the focus is shifting to targeted acquisitions that expand platform capabilities and reinforce the shift to passwordless, device-centric authentication models.
Jun 29, 2026