FIDO Alliance research tracks passwordless authentication
In recent years there has been a growing demand for different types of user authentication technologies for both online and physical systems.
Authentication is the process of identifying users that request access to a system, network, or device. Access control often determines user identity according to credentials like username and password. Other authentication technologies like biometrics and authentication apps are also used to authenticate user identity.
FIDO Alliance, which promotes the development of, use of, and compliance with standards for authentication and device attestation, has launched its Online Authentication Barometer to track the uptake of secure authentication technologies among the general public.
The Online Authentication Barometer provides baseline insights into the state of online authentication in 10 countries across the globe, with future releases of the barometer able to compare changes in behaviours and attitudes over time.
What has the Online Authentication Barometer found?
Passwords have historically dominated online authentication and the barometer confirms this is still the case. However, major platform and device manufacturers including Apple, Google and Microsoft have begun adopting possession-based, passwordless alternatives into their core product offerings to improve security and convenience.
It reveals that biometrics, such as using fingerprints and face ID, are being used by at least 35% of people and are by far the most popular form of online authentication behind passwords. The barometer highlights how the adoption of biometrics for online authentication varies widely internationally, yet all countries surveyed reported at least 25% of the population are using biometrics in some capacity.
Biometrics are perceived to be the most secure way for people to verify their identity online – 32% of people believe this, a trend that holds true in all 10 countries the Online Authentication Barometer explored. Biometrics are also the most preferred method of logging in for 28% of people surveyed.
“Time and time again we see data breaches, ransomware and other attacks that leverage vulnerabilities associated with passwords and other ‘what you know’ forms of authentication — including OTPs as a second factor,” said Andrew Shikiar, Executive Director & CMO of the FIDO Alliance. “The industry at large must shift towards possession-based factors such as biometrics and security keys that are not susceptible to remote attacks such as phishing, credential stuffing and various forms of social engineering that frankly are difficult if not impossible for the average user to detect. We are pleased to establish and share the Online Authentication Barometer as a mechanism to track our collective progress towards a safer and more secure networked economy.”
Protecting accounts from cyber attacks
The Online Authentication Barometer also found data on people taking steps to protect their accounts from being hacked or compromised. The vast majority of people (84%) took action, suggesting high levels of awareness on the security issues passwords have. However, despite biometrics being recognised for better security, 19% of people still consider passwords to be the most secure way to authenticate themselves online, and 11% of people think SMS OTPs are the most secure. This was ahead of some of the strongest methods available today, including authentication software (6%) and physical security keys (4%).
Of the 16% who didn’t take any steps to improve their online security, the majority said they didn’t know how (37%), with 26% saying it’s too complicated and 16% believing a data breach or hack would not happen to them.