Even with tepid growth, passwordless authentication gets deployed in unproductive ways

A pair of vendor surveys just out offer little in the way of hope for rapid adoption of identity authentication practices among businesses.

The authentication association FIDO Alliance has published a 10-nation survey of authentication practices that finds password use in businesses has declined, but only by 5 percent to 9 percent in the last year.

They remain the most-popular method of authentication, according to the annual study. Almost as many people in the metaverse are using passwords, too.

In fact, use of one-time passwords as multi-factor authentication grew by just 1 percent to 4 percent over the last year.

More than sterile market facts, the continued dominance of passwords resulted in 59 percent of people who had been trying to access online services but abandoned the process. Forty-three percent gave up on a purchase in any given month in the past year.

The 10 nations queried were the United States, the United Kingdom, France, Germany, Australia, Singapore, Japan, South Korea, India and China.

The second questionnaire, prepared by passwordless authentication vendor Secret Double Octopus with help from Dimensional Research, found that fewer than one in five executives surveyed said that multi-factor universality had yet to be achieved in their companies.

The survey received responses from more than 310 IT professionals worldwide, at companies with at least 1,000 employees, and who have responsibility for or knowledge of their organizations’ ID access management decisions and strategy.

Problems go deeper still, even among organizations that have adopted biometric multi-factor authentication, according to the survey, executives have created an IAM tower of Babel.

Half of those adopting this more powerful tool for authentication are using the systems of two or three vendors. One in five are involved with four or more vendors. That mostly means confused systems management, according to Octopus.

Only a third reported deploying the systems of just one vendor.

Perhaps more concerning, according to the survey, is the finding that some companies that want to do away with passwords are adopting “passwordless-like” products. In these instances, passwordlessness is promised by a vendor, but passwords remain a part of the overall system, and employees still have to know them, according to Octopus.

Meanwhile at the FIDO Alliance’s Authenticate 2022, Socure VP and Head of Public Sector Strategy Jordan Burris points out that any authentication, including advanced and properly-implemented MFA, is susceptible to impersonation if the identity verification processes underlying authenticator issuance are not secure. A holistic picture put together with machine learning can help in the online environment, he suggests.

Article Topics

access management  |  Authenticate Conference  |  biometric authentication  |  biometrics  |  FIDO Alliance  |  multifactor authentication  |  passwordless authentication  |  Secret Double Octopus  |  Socure