Identity Verification Emerges as a New Enterprise Standard to Combat Rising Impersonation Threats, Despite Plateau in Passwordless Adoption

NEW YORK, March 10, 2026 (GLOBE NEWSWIRE) — HYPR, the Identity Assurance Company, today released its sixth annual State of Passwordless Identity Assurance report. The study, commissioned by HYPR and produced by 451 Research from S&P Global Energy Horizons, identifies a seismic shift in the threat landscape: For the first time, Generative AI (53%) and Agentic AI (45%) have displaced stolen credentials as the primary identity security concern.

This crossover signifies that the industry is no longer fighting a human-scale battle of leaked passwords, but an industrial-scale battle against automated agents and synthetic media. In response, organizations are pivoting toward Identity Verification (IDV) to bridge the “literacy-action gap” that has left traditional passwordless adoption stalled at 43%.

2026 State of Passwordless Identity Assurance: Fast Facts

• The majority of organizations (87%) have encountered audio or video deepfakes in identity-based attacks
• Despite passkey literacy surging to 64%, enterprise-wide adoption remains stalled at 43%
• FIDO passkeys are the gold standard by 64% of leaders (up from 40%)
• 65% of attacks are detected within hours, but AI automation allows data theft before manual intervention
• 65% of enterprises indicate using IDV, yet implementation remains siloed, with most deploying to less than a quarter of their workforce

“Technical literacy is no longer the bottleneck; the challenge now lies in the mechanics of scaling across the enterprise,” said Bojan Simic, CEO and co-founder of HYPR. “In 2026, automated agents will leak more passwords than people, shifting identity risk from human-scale errors to industrial-scale machine automation. We must move past point-in-time security and make identity verification a permanent part of how we manage every employee, from onboarding to offboarding.”

The Velocity Paradox: Industrializing the Attack Chain

AI is re-arming existing threats like phishing (43%) and ransomware (37%) to automate fraud at volume. While defensive tools now detect 65% of identity-based attacks within hours, the “exfiltration window” is closing faster than human teams can react.

• Nearly two-thirds (65%) of organizations cited personalized phishing as the dominant identity risk
• Synthetic media is now a top-tier enterprise threat, with close to half (45%) identifying prerecorded video deepfakes as a primary concern
• 40% reported AI voice cloning incidents involving manipulated audio clips targeting call centers
• Identity impersonation incidents surged by 35%, with candidate fraud (39%) emerging as the second most prevalent threat after credential misuse
• 59% of organizations incur a “hindsight tax,” increasing budgets only after a breach—at which point 61% prioritize rapid IDV and MFA (57%) deployment

Market Outlook: Bridging the Literacy-Action Gap

While technical understanding has surged, this “literacy breakthrough” has yet to eliminate legacy credentials. However, the project pipeline suggests an imminent market shift as organizations move beyond “persona-based” protection for executives toward universal, enterprise-wide execution.

• 76% of organizations still rely on legacy passwords, though 71% are now moving toward passwordless adoption
• Three quarters are likely to invest in passkeys or passwordless tools in 2026
• One-third have active passwordless pilots underway—the highest of any authentication method surveyed
• More than a third (33%) have successfully scaled passwordless protection to over half of their total workforce