Only 20 percent used soft tokens, and fewer still -- 17 percent -- used biometrics.
But this is likely to change.
"Most respondents said that they are looking to add more authentication measures," said Grant. "Most realize that a user name and password isn't enough anymore."
The top authenticaion measure on companies' to-do list is biometrics, which 47 percent of respondents said they were planning to require in the future, followed by phone-based authentication at 38 percent and soft tokens at 32 percent.
The most likely biometric measures used are facial, fingerprint and voice recognition, Grant said.
"Most consumers are becoming more comfortable with those types of biometric technologies than they were three to five years ago, because the devices they're using have that baked right in," she said.