January 5, 2024

Fast Identity Online (FIDO) aims to reduce the world’s over-reliance on passwords and address the lack of interoperability among strong authentication technologies.

Recently, the FIDO Alliance conducted two comprehensive market research studies analyzing authentication methods – largely focusing on the inefficacy of passwords.

The purpose of this article is to review the key findings from these reports, understand their implications, and finally to consider how biometric face verification addresses the problems surrounding authentication today.

Online Authentication in 2023: An Overview

FIDO surveyed 10,000 consumers across various countries including Australia, China, France, Germany, India, Japan, Singapore, South Korea, U.K., and the U.S. in their “FIDO Barometer Report”.

So, what were the takeaways?

Key Finding #1: Although Proven To Be Insecure And Cumbersome, Passwords Are Still Dominant Across Use Cases

It’s startling to know that passwords are still so dominant when they are commonly accepted to be among the weakest forms of authentication. They are easily undermined by phishing, malware, and brute-force attacks (the latter is streamlined by people continuing to use weak passwords). Additionally, our passwords are often available online following data breaches, which can be quickly exploited across the web using credential stuffing attacks.

Today, most data breaches stem from the use of passwords. Verizon found in 2023 that the human element contributes to 74% of breaches, whether it’s through error, misuse of privileged credentials, or social engineering. Removing credentials from the process minimizes this risk.

You can’t just make passwords stronger and more complex indefinitely – that isn’t a scalable option. People can’t be expected to remember increasingly complex passwords for all of their online accounts and change their passwords over and over. It’s tiresome and outdated.

iProov found that 37% of global consumers have forgotten a password in the last 24 hours. These issues compound and intensify each other, creating an industry of administrative burden for organizations. Forrester Research identified that several large US-based organizations in different verticals allocate over $1 million annually just for password-related support costs.

Ultimately, passwords are no longer a suitable form of authentication. FIDO’s next finding considered the alternative:

Key Finding #2: Biometrics Is Considered the “Most Secure” And Preferred Method for Consumer Login

This comes as little surprise – factors such as convenience, data protection, privacy, and identity theft are massive challenges for organizations today. Passwords can do little to safeguard against these concerns, but the right biometric solution can.

Previous iProov surveys similarly found that 72% of consumers worldwide prefer face verification specifically for secure online services, and 64% said they either already use face authentication for accessing their mobile banking app or would do so if it was available.

While passwords are the ‘bare minimum’ for low-risk online security, weak security is no longer adequate for most organizations. Today, it’s essential to bind digital identities to real-world government IDs rather than just something a user knows or owns – which only face biometrics can do reliably and at scale. The right biometric face verification solution is very difficult to undermine, as your genuine face cannot be stolen, phished, lost, or forgotten.

Read more about the security of biometric face verification and how biometric systems can deliver ongoing and evolving security here.

Key Finding #3: Online Scams Are Becoming More Frequent and More Sophisticated (Likely Fuelled by AI)

Over half (54%) of FIDO’s respondents have seen an increase in suspicious messages and scams, and 52% believe these scams have become more sophisticated of late.

We know that AI is intensifying the threat landscape. AI-fuelled phishing attacks are on the rise, as fraudsters can use tools like ChatGPT to bolster the fraud/social engineering process, enabling them to converse convincingly and in real-time with their target.

This makes it harder to tell a genuine communication from your banking institution, for instance, apart from a fraudulent one, which no longer contains glaring issues that are easy to spot. This is, in part, because AI can now provide fraudsters with a perfect template to assist social engineering and phishing attempts.

Key Finding #4: The Financial Impact of Legacy Sign-in Methods Is Growing

Increasing numbers of people are abandoning their carts online. FIDO found that this is 15% more common than last year, with nearly four purchases abandoned each month per person.

This is largely because passwords increase user friction. This leads to customer frustration and increased abandonment rates. Frustration makes customers less likely to complete the authentication process, which damages businesses’ bottom line – an iProov survey similarly found that 15% of global consumers are abandoning purchases at least once a week because of passwords.

Passwords Must Make Way For Passwordless Authentication

FIDO’s second report – The 2023 Workforce Authentication Report: Embracing the Passwordless Future – focusses on passwordless authentication.

Let’s break down a few of the key report findings:

    • “92% of businesses already have, or plan to move to, passwordless technology”, although 55% of IT leaders feel they need more education on how passwordless technology works.
    • Like the Barometer report, it found that a majority of businesses are still using easily compromisable authentication methods: “76% use passwords for authenticating users within their organisation”.
    • 50% of IT leaders believe that passwordless authentication will reduce the need for non-passwordless MFA offerings.
    • 56% believe it will also result in a reduction in IT help desk requests.

The takeaway is that businesses now accept that passwords – despite their lingering dominance – are ineffective, and the vast majority have a plan to move away from them.

Together the two reports establish that passwords are truly ineffective, and we’ve learned that the problem is being exacerbated by AI. We know that users prefer biometrics, and IT leaders believe that the future is passwordless.

We are seeing a decisive shift across society. But as tech giants and other organizations across the globe continue towards passwordless authentication, they need to ensure that they’re choosing the right solution…

The Solution: Biometric Face Verification

Biometric face verification has emerged as the most secure and convenient method for organizations to verify and authenticate user identity online – it is able to deliver multiple levels of assurance including mission-critical security without compromising individual convenience.

Facial biometrics brings identity back to its core: what a user is. It’s inherent to an individual and cannot be lost, forgotten, or compromised, unlike knowledge or possession factors. Since people always have their faces with them, they can verify or authenticate from anywhere.

By replacing passwords with a more secure, passwordless face verification solution, organizations can help protect users from phishing and other attacks that often result in account takeover fraud.

Static defenses and credentials don’t work anymore. The solution must take an evolving and adaptive approach to security. Ultimately, organizations must carefully consider the authentication strategy that they choose to replace passwords. iProov face biometrics balances additional security with maximum usability, simplicity and convenience in order to minimize friction and customer frustration.

Opt-in facial biometrics is the future. There are a variety of passwordless options available, but organizations must be very careful in selecting one that can deliver the security, convenience, and inclusivity required.

iProov technology enables passwordless authentication through face biometrics. It does not require any specialist hardware, and can be used with consistent success by anyone regardless of their skin tone, socio-economic class, cognitive ability or other accessibility needs, enabling organizations to implement a passwordless strategy without discriminating against users. Our face verification solution is trusted by the world’s most security-conscious organizations such as UBS, The Department of Homeland Security, and The UK Home Office.

If you’d like to learn more about how iProov can be used to replace passwords and enhance authentication security at your organization with biometrics, book your demo today.