
New Report Reveals Persistent Enterprise Reliance on Passwords, Reinforcing Need for Stronger Identity Access Management (IAM) Strategies

Findings from 451 Research highlight the critical role of enterprise password management in security and resilience

SANTA BARBARA, Calif.--(BUSINESS WIRE)--Bitwarden, the trusted leader in password, passkey, and secrets management, today announced findings from a report commissioned with 451 Research, a part of S&P Global Market Intelligence, titled Risk Reduction and Resilience Starts with Enterprise Password Management. The report examines enterprise identity and access management (IAM) challenges and highlights the importance of strong password management as a fundamental security measure.

Weak passwords remain a security risk

Enterprises continue to grant employees, contractors, and third parties access to a growing number of systems and datasets. Despite increased adoption of multifactor authentication (MFA), 65% of enterprises still rely solely on passwords to access corporate systems. Even as passwordless authentication gains traction, 37% of applications still support only password-based logins, reinforcing the need for secure password management.

While technology vendors promote passwordless authentication, adoption remains slow. Only 21% of enterprises have implemented FIDO2 passwordless authentication, underscoring the ongoing reliance on traditional credentials.

Regulatory frameworks such as SOC 2, HIPAA, and PCI-DSS emphasize IAM controls, yet businesses struggle to balance security, compliance, and usability. Without strong password management, enterprises face greater exposure to insider threats and external attacks.

MFA adoption grows, but strong passwords remain essential

While enterprises recognize the importance of MFA, passwords remain a foundational element of authentication strategies. 55% identify strong MFA as the most effective defense against ransomware and malware, yet many still rely on passwords as the primary authentication factor.

Even with MFA adoption on the rise, enterprises continue to use varied authentication methods: 42% rely on SMS-based two-factor authentication (2FA), 32% deploy authenticator apps, and 25% use biometrics. Many users still default to passwords alone, emphasizing the need for secure password habits.

Recent breaches, including the 2024 attack on UnitedHealth’s Change Healthcare, which resulted in $786 million in damages, highlight the need for MFA on critical systems.

Simplified IAM strategies improve compliance and business resilience

Enterprises increasingly recognize strong MFA as a cornerstone of identity security, with 39% citing it as their primary zero-trust tactic, compared to 11% relying on network segmentation.

The bring-your-own-device (BYOD) shift has heightened security risks as employees access corporate resources from personal devices, which requires zero-trust security models that authenticate every user and device before granting access.

Despite increased investment in authentication, many enterprises still struggle with fragmented IAM strategies and inconsistent policy enforcement, leaving them vulnerable to credential-based attacks and lateral movement threats. Password management plays a key role in reducing IT overhead, minimizing password reset requests, and enforcing authentication best practices.

Password management remains the top IAM challenge for enterprises, with 35% citing it as their biggest pain point, followed by privileged access management (30%), password reuse (25%), compliance audits (25%), and terminating access for employees who leave (23%).

A back-to-basics approach is critical, embedding password management, MFA, and zero-trust principles into daily operations. Organizations that align IAM solutions with user behavior are best positioned to enhance resilience, mitigate risks, and ensure long-term security success.

Read the full report

For a comprehensive analysis of enterprise IAM challenges and recommendations, download the full report here.

To learn more about how Bitwarden supports enterprise security and compliance, visit bitwarden.com.

About Bitwarden

Bitwarden equips enterprises and individuals with the power to securely manage and share information online with trusted open source security solutions. With Password Manager for everyone, users can easily manage their entire online identity anywhere. Bitwarden Secrets Manager and Passwordless.dev enhance developer secrets security and streamline passkey development for end users and workforce authentication. Founded in 2016, Bitwarden serves over 50,000 businesses and more than 10 million users worldwide across 180 countries in 50+ languages. The company is headquartered in Santa Barbara, California. Learn more at bitwarden.com.

Contacts

Press Contact:
Mike Stolyar
Director of Communications
mstolyar@bitwarden.com
