-

Secret Double Octopus Releases 2026 State of Identity Security in Financial Organizations Report

Survey of 200 IAM Leaders Reveals a Dangerous Confidence Gap: 82% Trust Their Authentication Controls Even as Phishing Surges and Just 28% of MFA Is Phishing-Resistant

MENLO PARK, Calif.--(BUSINESS WIRE)--Secret Double Octopus (SDO), the leader in enterprise-grade passwordless authentication, today announced the release of its 2026 State of Identity Security in Financial Organizations report. The study, based on a survey of 200 IAM leaders and stakeholders at financial services firms across the US and Canada, exposes a sharp disconnect between how protected these organizations believe they are and what their own responses reveal about the maturity of their identity security controls.

"The most alarming finding in this report is not the size of the gaps but how confident financial organizations feel despite them," said Raz Rafaeli, CEO and Co-Founder of Secret Double Octopus.

Share

The headline finding is a confidence gap that should concern every security leader in the sector. While 94% of respondents reported that phishing attacks increased over the past year and only 28% of the MFA they use for workforce authentication is phishing-resistant, a striking 82% said they are confident their current controls can mitigate account takeover risk. As phishing-resistant and passwordless authentication become the regulatory baseline for strong authentication, that confidence looks increasingly difficult to justify.

Coverage Is Partial, and the Gaps Are Hiding in Plain Sight

The study finds that MFA coverage across financial organizations is fragmented. SaaS applications are protected at a relatively high rate of 74%, but legacy systems lag far behind at just 50%. This matters because legacy still dominates the environment: 54% of organizations report that at least half their applications and infrastructure are legacy, rising to 79% among those who cite regulatory compliance as a top driver to modernize. Many organizations also run strong and weak authentication methods side by side, which masks gaps and creates a false sense of security.

Passwordless Adoption Remains Stalled

Only 15% of workforce authentication flows in financial services are passwordless. Many methods marketed as passwordless still keep the password behind the scenes, where users are sometimes still required to type it in or periodically change it, leaving it exposed to theft, phishing, or compromise. A true passwordless approach removes the password from the flow entirely rather than merely hiding it. The most-cited obstacles to universal phishing-resistant MFA are technical or architectural complexity (79%), cost and budget constraints (53%), and the inability to support legacy apps and infrastructure (51%).

"The most alarming finding in this report is not the size of the gaps but how confident financial organizations feel despite them," said Raz Rafaeli, CEO and Co-Founder of Secret Double Octopus. "Strong-sounding MFA is not the same as phishing-resistant MFA, and partial coverage leaves the most sensitive systems exposed. The encouraging part is that these gaps are solvable today, including on legacy and on-prem systems, without rearchitecting or replacing the infrastructure organizations already rely on."

About the Survey

The 2026 State of Identity Security in Financial Organizations report was administered online by Global Surveyz Research, an independent global research firm. Responses were collected during April 2026 from 200 IT, cybersecurity, and identity security decision-makers at banks, credit unions, investment firms, and loan providers across the US (80%) and Canada (20%), split evenly across four company-size bands.

The full report is now available at https://hubs.ly/Q04nJLTB0.

About Secret Double Octopus

Secret Double Octopus is a pioneer in enterprise-grade passwordless authentication. Its patented ZeroPassword™ technology eliminates all user-managed passwords and delivers phishing-resistant MFA for every login, even across legacy and on-prem systems. By removing passwords, SDO minimizes the attack surface and identity-related costs while improving user experience and operational efficiency. The company's solution is deployed by Fortune 500 companies and leading service providers across heavily regulated industries including finance, defense, and critical infrastructure.

Contacts

Media Contact: Fiorella Zeoli, Secret Double Octopus Fiorella.Zeoli@doubleoctopus.com

Secret Double Octopus


Release Versions

Contacts

Media Contact: Fiorella Zeoli, Secret Double Octopus Fiorella.Zeoli@doubleoctopus.com

Social Media Profiles
More News From Secret Double Octopus

Secret Double Octopus Appoints Former NetApp CEO Dan Warmenhoven to its Board of Directors

MENLO PARK, Calif.--(BUSINESS WIRE)--Secret Double Octopus, the leader in workforce authentication security, today announced the appointment of Dan Warmenhoven to its Board of Directors. Warmenhoven's extraordinary track record of scaling technology companies and deep cybersecurity experience will be invaluable as SDO scales to meet demand from heavily regulated global enterprises. Warmenhoven brings unparalleled operational expertise to Secret Double Octopus. He served as CEO of NetApp for ove...

Secret Double Octopus Launches ZeroPassword™ MSP Program, Empowering Managed Service Providers to Eliminate Passwords for Every Client

MENLO PARK, Calif.--(BUSINESS WIRE)--Secret Double Octopus (SDO), the leader in enterprise-grade passwordless authentication, today announced the official launch of its ZeroPassword™ MSP Program, the first comprehensive program designed to help Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) eliminate passwords across every application, system, and login for their clients. The ZeroPassword™ MSP Program delivers an actual password-free reality that extends beyond...

Secret Double Octopus Secures Strategic Investment from SBI Holdings to Propel Global Expansion of Workforce Passwordless Authentication

MENLO PARK, Calif.--(BUSINESS WIRE)--Secret Double Octopus, the market leader in workforce passwordless authentication, today announced the successful raising of additional equity funding as part of the second tranche of its Series C. SDO’s platform is being used by Fortune 500 companies to eliminate passwords from all employee workflows, and has received the support of prominent VCs, IAM market leaders, and industry analysts. In recent years the platform demonstrated its robustness in many hig...
Back to Newsroom