back Back

AI-driven phishing attacks are driving demand for password alternatives, study shows

By Puja Sharma

October 17, 2023

  • AI
  • Authentication
  • biometric
Share

Scams, AIIncreased desire for biometrics and awareness of passkeys increases imperative on service providers to enable stronger, more user-friendly sign-ins

The FIDO Alliance published its third annual Online Authentication Barometer, which gathers insights into the state of online authentication in ten countries across the globe. New to the Barometer this year, FIDO Alliance has also begun tracking consumer perception of threats and scams online in a bid to understand anticipated threat levels globally.

The 2023 Online Authentication Barometer found that despite widespread usage of passwords lingering on, consumers want to use stronger, more user-friendly alternatives. Entering a password manually without any form of additional authentication was the most commonly used authentication method across the use cases tracked – including accessing work computers and accounts (37%), streaming services (25%), social media (26%), and smart home devices (17%). Consumers enter a password manually nearly four times a day on average, or around 1,280 times a year. The only exceptional scenario to this trend was financial services, where biometrics (33%) narrowly beat passwords (31%) as the most used sign-in method.

This is especially interesting considering biometrics’ rising popularity as an authentication method. When asked what authentication method people consider most secure and the method they most prefer using, biometrics ranked as favourite in both categories, rising around 5% in popularity since last year. This suggests that consumers want to use biometrics more but don’t currently have the opportunity.

“This year’s Barometer data showed promising signs of shifting consumer attitudes and desire to use stronger authentication methods, with biometrics especially proving popular. That said, high password usage without 2FA worryingly reflects how little consumers are still being offered alternatives like biometrics, resulting in lingering usage,” said, Andrew Shikiar, Executive Director and CMO of the FIDO Alliance. 

Scams are getting more frequent – likely fuelled by AI

This year’s Barometer also unearthed consumer perception of threats and scams online. 54% of people have noticed an increase in suspicious messages and scams online, while 52% believe these have become more sophisticated.

Threats are seen to be active across several channels, but primarily email, SMS messages, social media, and fake phone or voicemails. The increased accessibility of generative AI tools is a likely driver of this rise in scams and phishing threats. Tools like FraudGPT and WormGPT, which have been created and shared on the dark web explicitly for use in cybercrime, have made crafting compelling social engineering attacks far simpler, more sophisticated, and easier to do at scale. Deepfake voice and video are also being used to bolster social engineering attacks, tricking people into thinking they are talking to a known trusted person.

Shikiar added, “Phishing is still by far the most used and effective cyberattack technique, which means passwords are vulnerable regardless of their complexity. With highly accessible generative AI tools now offering bad actors the means to make more convincing and scalable attacks, it’s imperative consumers and service providers listen to consumers and start to look at non-phishable and frictionless solutions like passkeys and on-device biometrics more readily available, rather than iterating on ultimately flawed legacy authentication like passwords and OTPs.”

Passkeys, which provide secure and convenient passwordless sign-ins to online services, have grown in consumer awareness despite still being live just over a year, rising from 39% in 2022 to 52% awareness today. The non-phishable authentication method has been publicly backed by many big players in the industry – Google recently announced that passkeys are now available for all its users to move away from passwords and two-step verification, as has Apple, with other brands like PayPal also making these available to consumers in the last twelve months.

The impact of legacy sign-ins worsens for businesses and consumers

The negative impact caused by legacy user authentication was also revealed to be getting worse. Around 59% of people have given up accessing an online service and 43% have abandoned a purchase in the last 60 days, with the frequency of these instances rising year on year to nearly four times per month, per person, up by around 15% on last year. Poor online experiences are ultimately hitting businesses’ bottom lines and causing frustration among consumers.

Around 70% of people have had to reset and recover passwords in the last two months because they’d forgotten them, further highlighting how inconvenient passwords are and their role as a primary barrier to a seamless online user experience.

Key findings:

  • Password usage without two-factor authentication (2FA) is still dominant across use cases – consumers enter a password manually nearly 4 times a day, or 1,280 times a year
  • But when given the option, users want other authentication methods – biometrics is both the preferred method for consumers to log-in and what they believe is most secure, while awareness of passkeys continues to grow
  • Online scams are becoming more frequent and more sophisticated, likely fuelled by AI – over half (54%) have seen an increase in suspicious messages and scams, while 52% believe they have become more sophisticated
  • The impact of legacy sign-in methods is getting worse – the majority of people are abandoning purchases and giving up accessing services online – this is 15% more likely than last year at nearly four times per month per person

Previous Article

October 17, 2023

FinTech AirPak taps ThetaRay to strengthen AML compliance

Read More
Next Article

October 17, 2023

Adyen & NewStore enable Tap to Pay on iPhone in Australia

Read More






IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related News

Today

9fin raises $50m to build debt capital markets technology

Read More

November 29, 2024

The Weekly Wrap: all you need to know by Friday COB | November 29th

Read More

November 28, 2024

Is deposit protection the boost Oman’s Islamic finance needs?

Read More

Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q3 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More
Treasury & Capital Markets Systems Report Q1 2024
Know More