Major vendors have already announced plans for keychains, MFA and passwordless log-ins, and a new ‘authentication barometer’ shows more evidence…
To track the uptake of secure authentication technologies among the general public, the FIDO Alliance has launched an ‘Online Authentication Barometer’ in 10 countries across the globe, including six in the Asia Pacific region (APAC).
The barometer provides baseline insights into the state of online authentication, with future releases of the barometer able to compare changes in behavioral patterns and attitudes over time.
According to current data, biometrics technologies such as using fingerprint and face scans are being used by at least 40% of people and are by far the most popular form of online authentication, second only to passwords.
Other findings include:
- Biometrics adoption for online authentication varies widely internationally, yet all countries surveyed reported at least 25% of the population were using biometrics in some capacity.
- Passwords and other knowledge-based approaches such as One-Time Passwords have historically dominated online authentication and the barometer confirms this is still the case. However, major platform and device manufacturers have begun adopting possession-based, passwordless alternatives into their core product offerings to improve security and convenience. As these and other initiatives gain traction, the world’s reliance upon passwords and other server-side ‘secrets’ is expected to decrease in favor of modern solutions including biometrics, security keys and other on-device approaches for user authentication.
- Over three in 10 respondents in APAC perceived biometrics to be the most secure way for people to verify their identity online, aligning with the trend worldwide. It was also the most popular method of logging in to their online accounts, apps, and smart devices, accounting for 29% of respondents.
- 84% of APAC respondents showed high levels of awareness on the security issues of passwords. However, despite biometrics being recognized for better security, 18% of APAC respondents still considered passwords to be the most secure way to authenticate themselves online, and 13% believed SMS OTPs were the most secure. This was ahead of some of the strongest methods available today, including authentication software (8%) and physical security keys (4%). Of the 15% who did not take any steps to improve their online security, the majority said they did not know how (38%), with 27% saying it was “too complicated” and 18% believing a data breach or hack would not happen to them.
According to Andrew Shikiar, Executive Director & CMO, FIDO Alliance: “Time and time again we see data breaches, ransomware and other attacks that leverage vulnerabilities associated with passwords and other ‘what you know’ forms of authentication, including OTPs as a second factor. The industry at large must shift towards possession-based factors such as biometrics and security keys that are not susceptible to remote attacks such as phishing, credential stuffing and various forms of social engineering that frankly are difficult if not impossible for the average user to detect.”