The FIDO Alliance released its third annual Online Authentication Barometer today, gathering data on the state of online authentication in ten countries around the world. This year, the FIDO Alliance has also begun measuring consumer perception of dangers and scams online in order to better predict expected threat levels internationally.
According to the 2023 Online Authentication Barometer, consumers prefer stronger, more user-friendly solutions even though passwords are still widely used. Manually entering a password without any additional authentication was the most commonly used authentication technique across the use cases studied, including accessing work computers and accounts (37%), streaming services (25%), social media (26%), and smart home devices (17%). On average, consumers type a password manually about four times per day, or approximately 1,280 times per year. The only exception to this trend was financial services, where biometrics (33%) edged out passwords (31%) as the most popular sign-in technique.
This is especially intriguing given biometrics’ growing use as a method of authentication. When asked which authentication method they consider the most secure and which method they like using, consumers put biometrics on top in both categories, with popularity increasing by roughly 5% since last year. This shows that consumers want to use biometrics more but are not currently given the option.
“This year’s Barometer data revealed encouraging signs of shifting consumer attitudes and a desire to use stronger authentication methods, with biometrics particularly popular. However, high password usage without 2FA is concerning because it reflects how few alternatives, such as biometrics, are still being offered to consumers, resulting in lingering usage,” said Andrew Shikiar, Executive Director and CMO of the FIDO Alliance.
This year’s Barometer also revealed consumer perceptions of internet risks and scams. 54% of individuals have noticed an increase in suspicious messages and frauds on the internet, and 52% believe they are becoming more sophisticated.
Threats have been observed to be active across a variety of platforms, primarily email, SMS messaging, social media, and phoney phone calls or voicemails. The greater availability of generative AI technologies is most certainly driving the growth in scams and phishing risks. Tools like FraudGPT and WormGPT, which were developed and distributed on the dark web specifically for use in cybercrime, have made persuasive social engineering attacks simpler to create, more complex, and easier to perform at scale. Deepfake voice and video are also being used to augment social engineering attacks, fooling people into thinking they are speaking with a known, trusted individual.
“Phishing is still by far the most used and effective cyberattack technique, which means passwords are vulnerable regardless of complexity,” Shikiar noted. “With highly accessible generative AI tools now providing bad actors with the means to launch more convincing and scalable attacks, it’s critical that consumers and service providers listen to consumers and begin to consider non-phishable and frictionless solutions like passkeys and on-device biometrics, rather than iterating on ultimately flawed legacy authentication like passwords and OTPs.”
Passkeys, which allow secure and convenient passwordless sign-in to internet services, have increased in consumer awareness despite only being available for a little more than a year, going from 39% in 2022 to 52% today. Many big players in the industry have publicly backed the non-phishable authentication method – Google recently announced that passkeys are now available for all of its users to move away from passwords and two-step verification, as has Apple, with other brands like PayPal also making these available to consumers in the last year.
The impact of legacy sign-ins is becoming more severe for organizations and consumers.
The detrimental impact of legacy user authentication was also observed to be worsening. In the last 60 days, 59% of users gave up using an online service and 43% abandoned a purchase, with the frequency of these incidents increasing year on year to approximately four times per month, per person, up by around 15% from the previous year. Poor online experiences have a negative impact on firms’ bottom lines and cause consumer discontent.
In the last two months, 70% of users have had to change and recover passwords due to forgetfulness, illustrating how inconvenient passwords are and their function as a main barrier to a seamless online user experience.