Despite the enduring use of passwords for various online services, there’s a growing appetite among consumers for more user-friendly alternatives.
The 2023 Online Authentication Barometer reveals that manual password entry, without any supplemental authentication, remains the primary sign-in method for several digital use cases.
These include accessing work computers and accounts (37%), streaming services (25%), social media (26%), and smart home devices (17%). Astonishingly, consumers manually key in passwords almost four times daily, or approximately 1,280 times a year.
In financial services, however, the picture shifts: biometrics, at 33%, narrowly surpassed passwords, at 31%. The rising favourability of biometrics is also evident in what people named as their preferred authentication method and as the one they perceive to be most secure. Biometrics topped both categories, registering a 5% surge in popularity compared to the previous year. This underscores a prevalent consumer sentiment: an eagerness to embrace biometrics, if only more opportunities to do so existed.
FIDO Alliance Executive Director and CMO Andrew Shikiar said, “This year’s Barometer data showed promising signs of shifting consumer attitudes and desire to use stronger authentication methods, with biometrics especially proving popular. That said, high password usage without 2FA worryingly reflects how little consumers are still being offered alternatives like biometrics, resulting in lingering usage.”
The Barometer also delved into online scams, revealing a concerning landscape. Over half, 54%, observed a spike in dubious online messages and scams, with 52% deeming them increasingly sophisticated. The rampant availability of generative AI tools like FraudGPT and WormGPT, primarily crafted for cybercriminal intents, is potentially spurring these threats. These tools simplify the execution of advanced social engineering attacks, with deepfakes further elevating their deceptive potency.
Shikiar further noted, “Phishing is still by far the most used and effective cyberattack technique, which means passwords are vulnerable regardless of their complexity. With highly accessible generative AI tools now offering bad actors the means to make more convincing and scalable attacks, it’s imperative consumers and service providers listen to consumers and start to look at non-phishable and frictionless solutions like passkeys and on-device biometrics more readily available, rather than iterating on ultimately flawed legacy authentication like passwords and OTPs.”
Passkeys have experienced a surge in consumer recognition, with industry giants like Google and Apple endorsing them. Legacy authentication methods continue to deteriorate in efficacy, with 59% abandoning online service access and 43% forgoing a purchase within the past two months due to them. A staggering 70% had to recover forgotten passwords recently, spotlighting the inconvenience of passwords and their detrimental role in smooth online experiences.
Copyright © 2023 RegTech Analyst