Unlocking Online Security: Insights from the 2023 Authentication Barometer

Explore the 2023 Online Authentication Barometer’s key findings, revealing the shift in online security preferences towards biometrics and the rising threat of scams in the Asia-Pacific region.

The FIDO Alliance has recently released its third annual Online Authentication Barometer, an extensive report providing insights into the state of online authentication across ten countries, including Australia, Singapore, Japan, South Korea, India, and China in the Asia-Pacific region. A notable addition to this year’s report is the inclusion of consumer perceptions regarding online threats and scams to better understand the expected threat levels both regionally and globally.

Key Highlights:

The 2023 Online Authentication Barometer highlights that despite the continued prevalence of traditional passwords, consumers are increasingly inclined to use more robust and user-friendly alternatives. Manually entering a password without additional authentication remains the most frequently used authentication method for various purposes in the Asia-Pacific region, such as accessing financial services (33%), work-related accounts (39%), streaming services (27%), social media (30%), and smart home devices (19%). On average, consumers input a password manually nearly four times a day, which accumulates to about 1,200 times annually.

Notably, biometrics are gaining popularity as a secure authentication method. When asked about their preferred and most secure authentication method, respondents across the board favored biometrics. Singapore leads this trend, with 35% of individuals considering biometrics the most secure and 41% preferring it as their primary method. This suggests a strong consumer desire to use biometrics more widely, highlighting the need for broader implementation.

Andrew Shikiar, Executive Director at FIDO Alliance, emphasized, “In the Asia-Pacific region, there is a growing interest among consumers in adopting more robust authentication methods, with biometrics emerging as a favored choice. However, persistently high password usage without two-factor authentication (2FA) remains a concern, underscoring the need for wider availability of alternatives like biometrics.”

Increasing Scams and Threats, Potentially Fueled by AI:

The report also delves into consumer perceptions of online threats and scams in the Asia-Pacific region. Notably, 58% of individuals have observed a surge in suspicious messages and scams online, with 56% believing these scams have become more sophisticated. Indian consumers appear to be particularly sensitive to this trend, with 75% noticing an increase in scams and 74% perceiving heightened sophistication.

Online threats are prevalent across various channels, with email, SMS messages, social media, and fake phone or voicemails being the primary avenues. The proliferation of generative AI tools, such as FraudGPT and WormGPT, available on the dark web for cybercriminal use, has made crafting convincing social engineering attacks simpler, more sophisticated, and scalable. Deepfake voice and video technologies are also used to enhance social engineering attacks, deceiving individuals into believing they are communicating with trusted contacts.

Andrew Shikiar stressed the importance of addressing this issue, saying, “Phishing remains the most commonly used and effective tactic employed by cybercriminals to steal information, rendering passwords vulnerable, no matter how complex. With the emergence of new AI tools that make phishing attacks more convincing and widespread, it’s crucial for service providers in the Asia-Pacific region to explore alternatives like passkeys and on-device biometrics, rather than sticking with outdated and less secure methods like passwords and one-time codes (OTP).”

Growing Awareness of Passkeys:

Passkeys, which offer secure and convenient passwordless access to online services, have gained awareness in the Asia-Pacific region, rising from 41% in 2022 to 58% in the present year. Major industry players, including Google and Apple, have publicly supported passkeys, offering them to users as an alternative to traditional passwords and two-step verification. Additionally, brands like PayPal have made passkeys accessible to consumers in the past year.

Negative Impact of Legacy Authentication:

The report reveals that the negative consequences of legacy user authentication methods are worsening. A significant percentage of individuals (62%) have abandoned efforts to access online services, and 45% have given up on purchases within the past 60 days due to issues with authentication. These occurrences have increased in frequency, occurring nearly four times per month per person, up by approximately 8% from the previous year. These poor online experiences are causing frustration among consumers and impacting businesses’ financial performance.

On a global scale, 70% of individuals have had to reset and recover passwords in the past two months due to forgetfulness, highlighting the inconvenience of passwords and their role as a major hindrance to a seamless online user experience.

The 2023 Online Authentication Barometer sheds light on the evolving landscape of online security and authentication in the Asia-Pacific region. It emphasizes the growing consumer appetite for more secure and user-friendly alternatives to traditional passwords, with biometrics emerging as a clear favorite. However, the persistence of manual password entry without additional security measures remains a concern. The rise of online threats and scams, potentially fueled by AI, underscores the urgency for service providers to adapt to advanced security methods like passkeys and on-device biometrics. With businesses and consumers experiencing the negative consequences of legacy authentication, it is evident that the time for more robust and convenient authentication solutions is now.