So I ran across this article the other day about the number of companies still using password-only authentication. Now looking at the actual survey, and it says that in 2015, 39% of respondents reported using only passwords for their authentication, but I think the bigger number from the report is that 85% are using passwords somewhere as there were several categories listing passwords and something else.
So even if we look at the fact that the number of organizations using only passwords for authentication has fallen below half, a full half still have some level of passwords in use within the organization, and only 11% stated they only use 2FA.
What does this mean? That we have a long way to go in making authentication stronger.