Okta has released India-specific findings from its Secure Sign-in Trends Report 2025, indicating that Indian enterprises have established a comparatively strong baseline for identity security. The report, based on billions of anonymised authentication events across global customer environments, shows that multi-factor authentication (MFA) adoption in India has reached 89.4%, significantly higher than the global average of 70%.
The data suggests that identity protection is increasingly being treated as a strategic priority by Indian organisations amid rising cyber risks.
India outperforms global benchmarks
Key findings from the report include:
- Higher adoption: India’s MFA adoption rate stands at 89.4%, compared with a global workforce average of 70%.
- Continued growth: Adoption increased by 4.1 percentage points year-on-year, indicating sustained enterprise focus on security.
- Global shift underway: Adoption of phishing-resistant, passwordless authentication methods has risen by 63% worldwide.
- Security gap elsewhere: Nearly one-third of users globally still lack basic MFA protection, positioning India’s coverage as a potential resilience advantage.
Moving beyond traditional MFA
Shakeel Khan, Country Manager and Regional Vice President, Okta India, said the high adoption rate reflects a proactive approach to digital defence but cautioned that organisations should not rely solely on conventional MFA methods. He emphasised the importance of transitioning towards phishing-resistant and passwordless authentication to strengthen long-term security.
Mathew Graham, Regional Chief Security Officer, APAC at Okta, noted that legacy authentication factors such as SMS and voice are increasingly vulnerable to social engineering attacks. He added that phishing-resistant approaches, including WebAuthn and FastPass, can help close critical security gaps while improving user experience.
Implications for enterprise security strategies
The report indicates that MFA is no longer viewed as an optional security layer for Indian enterprises. Instead, organisations are increasingly expected to adopt higher-assurance authentication standards, prioritise phishing resistance for sensitive access and gradually reduce dependence on passwords.
The findings also reinforce the growing relevance of Zero Trust architectures, where identity becomes a core control point for balancing security with workforce productivity.