Key Takeaways

Consumer Reports’ 2025 Consumer Cyber Readiness Report says 81% of Americans use some form of multifactor authentication. (consumerreports.org)
Among people who use MFA, 83% say they use SMS/text-based codes, making it the most common MFA method. (consumerreports.org)
55% of MFA users say they use an authentication app such as Google Authenticator or Duo Mobile. (consumerreports.org)
33% of MFA users say they use a passkey, which Consumer Reports described as a noteworthy figure given how new passkeys are. (consumerreports.org)
Only 5% of MFA users say they use a physical security key, the most secure method listed in the report. (consumerreports.org)
The biggest adoption story is not just that MFA is common. It is that most people still rely on older, less phishing-resistant methods rather than stronger ones. This is an inference based on the distribution of MFA methods in the 2025 report. (consumerreports.org)

CORE STATISTICS

81% of Americans say they use some form of MFA. (consumerreports.org)
Among MFA users, 83% use SMS/text-based authentication. (consumerreports.org)
Among MFA users, 55% use an authentication app like Google Authenticator or Duo Mobile. (consumerreports.org)
Among MFA users, 33% use a passkey. (consumerreports.org)
Among MFA users, 24% use phone-call authentication. (consumerreports.org)
Among MFA users, 5% use a physical security key. (consumerreports.org)
Consumer Reports notes that passkeys were introduced only recently, yet one-third of Americans who use MFA already report using them. (consumerreports.org)
The 2025 survey was based on a nationally representative Consumer Reports American Experiences Survey of 2,333 U.S. adults. (consumerreports.org)

TRENDS & INSIGHTS

The clearest MFA trend is that adoption is already high at the consumer level, but the quality of adoption varies. Most people who use MFA still rely on text-message codes, which are familiar and easy, while smaller shares use authentication apps, passkeys, or physical security keys. (consumerreports.org)

Another major trend is the rise of passkeys. Consumer Reports says a third of MFA users now report using passkeys, which is notable because passkeys are much newer than SMS or authenticator apps. This suggests consumer authentication is slowly moving beyond passwords alone, even if the transition is still uneven. (consumerreports.org)

A third insight is that stronger authentication methods still face awareness and usability barriers. Consumer Reports explicitly notes that the rollout of passkeys has created some confusion for users, especially across different devices and ecosystems. That means adoption is no longer just about willingness. It is also about compatibility and clarity. (consumerreports.org)

REAL-WORLD CONTEXT

In practical terms, MFA adoption matters because a password by itself is often not enough. If a password is reused, guessed, or stolen in a phishing attempt, a second authentication step can block account access. Consumer Reports also notes that passkeys are more secure than traditional passwords because they cannot be shared with malicious sites in a phishing attempt. (consumerreports.org)

For adults 45–75, the challenge is often choosing a second factor that feels manageable. Text-based codes may be easiest, but stronger options like authentication apps and passkeys can offer better protection once users are comfortable setting them up. This is a reasoned conclusion based on the 2025 adoption mix. (consumerreports.org)

WHO IS MOST AT RISK

People who still rely on passwords alone and do not use MFA at all. This is an inference based on the role MFA plays in reducing damage from stolen passwords. (consumerreports.org)
Consumers who use only SMS MFA and assume all second-factor methods provide the same level of protection. This is an inference supported by the report’s distinction between methods. (consumerreports.org)
People confused by passkeys, recovery flows, or cross-device setup issues. Consumer Reports explicitly discusses those challenges. (consumerreports.org)
Anyone with important email, banking, or shopping accounts that still use only password-based login. This is a practical inference from the broader cyber-risk context. (consumerreports.org)

QUICK CHECKLIST (what this means)

MFA adoption is high, but stronger methods are not yet dominant. (consumerreports.org)
SMS remains the most common MFA method. (consumerreports.org)
Authentication apps and passkeys are important growth areas. (consumerreports.org)
Physical security keys remain rare among consumers. (consumerreports.org)
MFA adoption is no longer just about whether people use it, but which kind they use. This is an analytical conclusion based on the evidence above. (consumerreports.org)

HOW TO STAY PROTECTED

Turn on MFA for email, banking, and major online accounts if it is not already enabled. This follows directly from the purpose of MFA described in the report. (consumerreports.org)
Use an authentication app or passkey when available rather than relying only on text codes. This is a practical inference from the stronger protection Consumer Reports attributes to passkeys. (consumerreports.org)
Learn the recovery process for any passkey or MFA method you use. Consumer Reports stresses that recovery planning is essential. (consumerreports.org)
For households managing shared tech support, help older family members enable MFA on their most important accounts first. This is a practical conclusion from the broader account-risk context. (consumerreports.org)

CITABLE STATEMENTS

Consumer Reports says 81% of Americans use some form of multifactor authentication. (consumerreports.org)
Among MFA users, 83% use SMS/text-based authentication. (consumerreports.org)
Among MFA users, 55% use an authentication app. (consumerreports.org)
Among MFA users, 33% use a passkey. (consumerreports.org)
Only 5% of MFA users say they use a physical security key. (consumerreports.org)

SOURCES

Consumer Reports, 2025 Consumer Cyber Readiness Report. (consumerreports.org)

Two-Factor Authentication Adoption / Report