Biometrics Emerge as Favoured Authentication Method, Says FIDO Study

SINGAPORE (October 18, 2023) – The FIDO (Fast Identity Online) Alliance yesterday launched their third annual Online Authentication Barometer, which details the state of online authentication in the ten countries, including Australia, China, Japan, India, Singapore and South Korea in the Asia-Pacific region.

According to the findings of the survey, Internet users are keen on using stronger but more user-friendly alternatives to passwords. Passwords being entered manually continues to be done as much as 4 times a day, or 1,200 times a year, though 2-step authentication process is not the dominant process observed. Given the choice, users opt for other methods of authentication, such as biometrics, which they believe is the most secure form of user verification. Notably, Singapore has embraced this technology the most, with 35% indicating that biometrics is the safest method of verification and 41% choosing it as their preferred method of authentication.

Interestingly, as many as 62% of people give up on accessing services online, and 45% abandon their online purchases mid-way because they had forgotten their passwords. Still, a notable majority of consumers (58%) are aware of the increase in suspicious activities online, while 56% believe that such scams continue to become sophisticated.

“In Asia-Pacific, we see a growing interest among consumers in adopting more robust authentication methods, with biometrics emerging as a favoured choice. This year’s Barometer data supports this trend by showing that APAC consumers are on par with other regions globally in looking to reduce their reliance on legacy authentication methods. Nonetheless, the persistently high password usage without 2FA is a concern, highlighting how little consumers are offered alternatives like biometrics, resulting in lingering usage,” commented Andrew Shikiar, executive director at FIDO Alliance.

Security threats are primarily seen in email, SMS messages, social media, fake phone calls and voicemails, and are often attributed to the increased penetration of generative AI tools. FraudGPT and WormGPT are used explicitly in cybercrime with easy adaptation and scalability for sophisticated crime. Deepfake voice and video are being used to empower social engineering attacks, tricking people in to thinking that they are communicating with a trusted person.

Shikiar added: “Phishing remains the most used and effective tactic by cybercriminals to steal information, making passwords vulnerable no matter how complex they are. With new AI tools that make phishing attacks even more convincing and widespread, it’s crucial for service providers in the Asia-Pacific region to pay attention. Instead of sticking with old and unreliable methods like passwords and one-time codes (OTP), we need to start using stronger and simpler options like passkeys and on-device biometrics.”

Despite being live in the Asia-Pacific region for just over one year, Passkeys have grown in popularity among consumers; up to 58% today. The non-phishable authentication method has been publicly backed by many big players in the industry – Apple and Google recently announced that passkeys are now available for all its users to move away from passwords and two-step verification, while other brands such as PayPal also making these available to consumers in the last twelve months.

Globally, 70% of people have had to reset and recover passwords in the last two months because they’d forgotten them, further highlighting how inconvenient passwords are and their role as a primary barrier to a seamless online user experience. This poor online experience ultimately affects businesses’ revenue and profits, while causing frustration among consumers.

Passkeys and biometrics are poised to be the future of authentication for safe and secure Internet use in the face of increasing cybercrime.