FIDO Alliance’s second annual Online Authentication Barometer reveals the habits, trends and adoption of authentication technologies

Summary of key findings:

  • Entering passwords has dropped globally – by 5% – 9% across all use-cases tracked, as people adopt more convenient ways of logging in.
  • Yet passwords are still the most-used authentication method and they are proving costly to service providers – 59% of people gave up on accessing online services and 43% abandoned purchases in a given month.
  • The use of SMS OTPs has increased globally by 1% – 4% as it is increasingly offered by service providers as a multi-factor authentication method.
  • Businesses need a way to offer people the convenience they want without sacrificing security – passkeys is one new approach and is on the radars of 48% of 18-34 year-olds.
  • The metaverse has gained traction yet phishable authentication dominates despite security concerns – 61% of metaverse users are concerned over their security and privacy yet 38% use a password.

SEATTLE, WA, October 18, 2022 — The FIDO Alliance today published its second annual Online Authentication Barometer, which gathers insights into the state of online authentication in 10 countries across the globe. New to the Barometer this year, the FIDO Alliance has begun tracking authentication in the metaverse, and plans to incorporate utilization of technologies like passkeys in future editions of the report.

Key findings

The 2022 Online Authentication Barometer has identified that entering passwords online has dropped by 5% – 9% across all five major use-cases that it tracks – including accessing financial services, work computers and accounts, social media, streaming services, and smart home devices – compared to last year.

Despite this, passwords remain the dominant form of online authentication and cause major issues for people and businesses. For example, 70% of people had to recover a password at least once in a given month. Service providers and retailers also were impacted, with 59% of people giving up on accessing online services in a given month and 43% abandoning purchases because they couldn’t remember their password.

Data from the Barometer also suggests these issues with remembering and entering passwords are leading more people to stay logged into accounts, rising by 5% – 11% across all use-cases, as people opt for greater convenience. Other notable trends include multi-factor authentication through SMS One-Time Passcodes (OTPs) rising between 1% – 4% across all use-cases, as this legacy form of second-factor authentication is increasingly offered by service providers to rapidly improve consumer security and to meet regulatory requirements.

“This year’s Barometer data reveals that people see entering passwords as a pain and avoid it when they can,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “Service providers realize the inconvenience and security issues with passwords and are offering more ways to authenticate such as cookies to stay logged in and/or legacy MFA like SMS OTPs.” 

Shikiar added: “However, these attempts at convenience and security are still based on outdated and phishable authentication technologies that everyone needs to move away from if we are ever going to stop the constant onslaught of data breaches. Organizations should all have implementation of modern, phishing-resistant authentication on their roadmaps, whether it is via on-device biometrics, FIDO security keys or passkeys.” 

Tracking emerging technologies

The FIDO Alliance’s Online Authentication Barometer is designed to track habits, trends and adoption across key use-cases, including new technologies and use-cases as they are adopted. This year, it began tracking the metaverse as one of its key online use-cases. The Barometer also sampled early insights into passkeys, which are FIDO credentials designed to replace passwords that provide faster, easier, and more secure sign-ins to websites and apps.

Almost a third of people (31%) have logged into the metaverse recently, with 61% concerned over their security and privacy. Despite this, phishable authentication methods dominate with 38% of people logging in with passwords, 24% using password plus OTPs, and 21% remaining logged in. Other, more secure, possession-based methods like biometrics (26%) and physical security keys (16%) are also prevalent.

Passkeys, which provide secure and convenient passwordless sign-ins to online services, appear to 

have a high level of awareness, despite only being announced this year. The data shows that 39% of people are familiar with the concept of passkeys – and this is especially high among 18-34 year-olds at 48%. FIDO’s Online Authentication Barometer will track the adoption of passkeys in next year’s report and determine how far this early awareness translates into usage.

Ends

Notes to editors:

  • Research for the FIDO Alliance’s Online Authentication Barometer was conducted by Sapio Research among 10,044 consumers across the UK, France, Germany, US, Australia, Singapore, Japan, South Korea, India and China.

About the FIDO Alliance 

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

PR Contact 

press@fidoalliance.org 


More

FIDO Certified Products Reach 335: How to Make the Most out of Certification

Adam Powers, technical director, FIDO Alliance The FIDO ecosystem – the world’s largest for interoperable,…

Read More →

FIDO’s Imperative to Mobile Ecosystem Evident At Mobile World Congress

Andrew Shikiar, Senior Director of Marketing, FIDO Alliance We are back and recovered from Mobile…

Read More →

Extending the PKI Security Model with FIDO Authentication Standards

Last December, the U.S. Commission on Enhancing National Cybersecurity laid out “an ambitious but important…

Read More →