Passwords are proving less and less capable of protecting computer systems from abuse. Multifactor authentication (MFA) which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA and where they choose to use it.