The password remains the main form of online authentication, causing major issues for people and businesses - but is that about to change?


FIDO Alliance: Global password usage down as authentication methods evolve

Authentication methods continue to evolve as businesses look to improve their cybersecurity and gain better control and visibility over who accesses their systems and data. While the password has been the go-to authentication method for decades, it has become increasingly easy to compromise with every passing year.

As such, more organizations are now looking to use different forms of authentication to enhance secured access. This includes the use of multi-factor authentication and biometrics. In fact, more companies are looking to implement these authentication methods today.

According to FIDO Alliance’s second annual Online Authentication Barometer, entering a password online has dropped by 5% – 9% across all five major use cases that it tracks — including accessing financial services, work computers, accounts, social media, streaming services, and smart home devices – compared to last year.

And yet, the password remains the dominant form of online authentication — and the cause of major issues for people and businesses. For example, over two-thirds (70%) of people had to recover a password at least once in a given month. Service providers and retailers were also impacted, with 59% of people giving up on accessing online services in a given month, and 43% abandoning purchases, because they couldn’t remember their passwords.

Remembering passwords is just one of the many inconveniences faced. Other notable trends include multi-factor authentication through SMS One-Time Passcodes (OTPs) rising between 1% – 4% across all use cases, as this legacy form of second-factor authentication is increasingly offered by service providers to rapidly improve consumer security and to meet regulatory requirements.

For Andrew Shikiar, executive director and CMO of the FIDO Alliance, this year’s Barometer data reveals that people see entering passwords as a pain and avoid it when they can. He added that service providers realize the inconvenience and security issues with passwords and are offering more ways to authenticate, such as cookies to stay logged in and/or legacy MFA like SMS OTPs.

“However, these attempts at convenience and security are still based on outdated and phishable authentication technologies that everyone needs to move away from, if we are ever going to stop the constant onslaught of data breaches. Organizations should all have an implementation of modern, phishing-resistant authentication on their roadmaps, whether it is via on-device biometrics, FIDO security keys, or passkeys,” added Shikiar.

Replacing the password for authentication

The FIDO Alliance’s Online Authentication Barometer is designed to track habits, trends, and adoption across key use cases, including new technologies and use cases as they are adopted. This year, it began tracking the metaverse as one of its key online use cases. The Barometer also sampled early insights into passkeys, which are FIDO credentials designed to replace passwords and provide faster, easier, and more secure sign-ins to websites and apps.

As such, tracking authentication in the metaverse will make it possible to incorporate the use of technologies like passkeys in future editions of the report.

Almost a third of people (31%) have logged into the metaverse recently, with 61% concerned over their security and privacy in the virtualized space. Despite this, phishable authentication methods dominate with 38% of people logging in with passwords, 24% using password-plus-OTPs, and 21% remaining logged in. Other more secure, possession-based methods like biometrics (26%) and physical security keys (16%) are also prevalent.

Passkeys, which provide secure and convenient passwordless sign-ins to online services, appear to have a high level of awareness, despite only being announced this year. The data shows that 39% of people are familiar with the concept of passkeys – and this is especially high among 18-34 year-olds at 48%. FIDO’s Online Authentication Barometer will track the adoption of passkeys in next year’s report, and determine how far this early awareness translates into usage.