Passwords are falling in popularity as people turn to more secure password-less authentication methods.
That's according to the FIDO Alliance’s latest Online Authentication Barometer report, which gathers insights into the state of online authentication globally.
Based on a survey of more than 10,000 consumers in the UK, France, Germany, US, Australia, Singapore, Japan, South Korea, India, and China, FIDO estimates that password usage online has dropped by 5-9%, year-on-year.
Passwords still popular
The study found that, when logging into financial services, work computers and accounts, social media, streaming services, or smart home devices, people are more likely to use biometrics, or other convenient forms of authentication.
However, despite the drop, passwords are still the number one method of online authentication, despite the headaches they cause.
Seven in ten (70%) individuals have had to recover at least one password in any given month.
Service providers and retailers have also been impacted, with more than half (59%) of people simply giving up on accessing online services.
Furthermore, 43% of people reported abandoning a purchase they intended to make online because they couldn’t remember their password.
As a result, the number of people deciding to stay logged into accounts has risen by 5%-11%.
But it's not all bad news. FIDO reports that Multi-factor authentication (MFA) through SMS One-Time Passcodes (OTP) usage has risen by 1%-4%. While the use of text messages in MFA presents its own problems, the rise may suggest that awareness of alternative security solutions for online accounts and data is starting to enter the mainstream.
Passkeys, a novel authentication method introduced last summer by Apple, appears to have a high level of awareness among users, FIDO further stated. According to its data, 39% of people are familiar with the concept (up to 48% among 18-34-year-olds).
“People see entering passwords as a pain and avoid it when they can,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance.
“Service providers realize the inconvenience and security issues with passwords and are offering more ways to authenticate such as cookies to stay logged in and/or legacy MFA like SMS OTPs.”
While stepping away from passwords is a good thing, Shikiar did note that there’s still work to be done before everyone is guaranteed more security online.
“However, these attempts at convenience and security are still based on outdated and phishable authentication technologies that everyone needs to move away from if we are ever going to stop the constant onslaught of data breaches.”
“Organizations should all have implementation of modern, phishing-resistant authentication on their roadmaps, whether it is via on-device biometrics, FIDO security keys or passkeys.”
- Check out the best firewalls right now