New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies
Summary of key findings:
- Passwords still prevail over other, more secure authentication methods — 56% of people used them to log into financial services accounts in the last 60 days
- Biometrics are gaining traction, both in perception of security and usage — 32% of people think it is the most secure authentication method, and it is the preferred method for 28%
- Many consumers still don’t know what action to take to secure their accounts — stated by 37% of people that didn’t take any steps to improve their online security
- Many consumers wrongly believe that taking action to strengthen a password is the best way to secure their account — 19% of people believe this
- Consumers need to be educated on the risks and implications of poor account security and the solutions available
SEATTLE, WA, October 18, 2021 — The FIDO Alliance today launched its Online Authentication Barometer to track the uptake of secure authentication technologies among the general public. The Online Authentication Barometer provides baseline insights into the state of online authentication in 10 countries across the globe, with future releases of the barometer able to compare changes in behaviors and attitudes over time.
It reveals that biometrics, such as using fingerprints and face scans, are being used by at least 35% of people and are by far the most popular form of online authentication behind passwords. The barometer highlights how adoption of biometrics for online authentication varies widely internationally, yet all countries surveyed reported at least 25% of the population are using biometrics in some capacity.
Passwords and other knowledge-based approaches such as OTPs have historically dominated online authentication and the barometer confirms this is still the case. However, major platform and device manufacturers including Apple, Google and Microsoft have begun adopting possession-based, passwordless alternatives into their core product offerings to improve security and convenience. As these and other initiatives gain traction, the world’s reliance upon passwords and other server-side “secrets” is expected to decrease in favor of modern solutions including biometrics, security keys and other on-device approaches for user authentication.
Biometrics are the most popular of these possession-based and password-free authentication options, and data from the barometer reveals why. Biometrics are perceived to be the most secure way for people to verify their identity online – 32% of people believe this, a trend that holds true in all 10 countries the Online Authentication Barometer explored. Biometrics are also the most preferred method of logging in for 28% of people surveyed.
“Time and time again we see data breaches, ransomware and other attacks that leverage vulnerabilities associated with passwords and other ‘what you know’ forms of authentication — including OTPs as a second factor,” said Andrew Shikiar, Executive Director & CMO of the FIDO Alliance. “The industry at large must shift towards possession-based factors such as biometrics and security keys that are not susceptible to remote attacks such as phishing, credential stuffing and various forms of social engineering that frankly are difficult if not impossible for the average user to detect. We are pleased to establish and share the Online Authentication Barometer as a mechanism to track our collective progress towards a safer and more secure networked economy.”
The Online Authentication Barometer also found encouraging data on people actively taking steps to protect their accounts from being hacked or compromised. The vast majority of people (84%) took action, suggesting high levels of awareness on the security issues passwords have. However, despite biometrics being recognized for better security, 19% of people still consider passwords to be the most secure way to authenticate themselves online, and 11% of people think SMS OTPs are the most secure. This was ahead of some of the strongest methods available today, including authentication software (6%) and physical security keys (4%).
Of the 16% who didn’t take any steps to improve their online security, the majority said they didn’t know how (37%), with 26% saying it’s too complicated and 16% believing a data breach or hack would not happen to them.
The full Online Authentication Barometer from the FIDO Alliance can be found here.
Notes to editors
- Major organizations that have begun adopting possession-based, passwordless alternatives to improve security and convenience include:
- Apple announcing its intent for users iCloud Keychains users to secure accounts with cryptographic keypairs (“passkeys”) instead of passwords
- Google announcing plans to enable multi factor authentication by default
- Microsoft enabling its users to completely remove the password from their Microsoft account
- The FIDO Alliance Online Authentication Barometer research was conducted among 10,000 consumers across the UK, France, Germany, US, Australia, Singapore, Japan, South Korea, India and China. The interviews were conducted online by Sapio Research in September 2021 using an email invitation and an online survey.
About the FIDO AllianceThe FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
MORE FIDO in the News
World Business Outlook: Cybersecurity is vital in the digital phase
As the digital phase of survival has both advantages and...November 29, 2021
Verdict Magazine: Is the Future of authentication passwordless
Is the future of authentication passwordless? Having strong and different...
Developpez: Cybercriminals are becoming less likely to use brute force attacks on long passwords
Microsoft has invested in recent years in various solutions such...