Date : 19-Oct-2021
Location: Singapore

Organization:

• FIDO Alliance,was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords.

Key Takeaways:

• The FIDO Alliance today launched its Online Authentication Barometer to track the uptake of secure authentication technologies among the general public.
• The Online Authentication Barometer provides baseline insights into the state of online authentication in 10 countries across the globe, including 6 in Asia Pacific, with future releases of the barometer able to compare changes in behaviors and attitudes over time.

Spokepersons:

• Andrew Shikiar, Executive Director & CMO of the FIDO Alliance,said, password-based authentication is responsible for majority of security breaches such as data breaches, ransomware and whatnots.

• Passwords still prevail over other, more secure authentication methods — 55% of respondents (including 65% in Singapore) used them to log into financial services accounts in the last 60 days
• Biometrics are gaining traction, both in perception of security and usage — 30% of. respondents think it is the most secure authentication method, and it is the preferred method for 29%.
• Many consumers still don’t know what action to take to secure their accounts — stated by 38% of people that didn’t take any steps to improve their online security.
• Many consumers wrongly believe that taking action to strengthen a password is the best way to secure their account — 18% of people believe this.
• The FIDO Alliance Online Authentication Barometer research was conducted among 10,000 consumers across the UK, France, Germany, US, Australia, Singapore, Japan, South Korea, India and China. The interviews were conducted online by Sapio Research in September 2021 using an email invitation and an online survey. 

Best Practices:

• Major platform and device manufacturers including Apple, Google and Microsoft have begun adopting possession-based, passwordless alternatives into their core product offerings to improve security and convenience.

• The industry at large must shift towards possession-based factors such as biometrics and security keys that are not susceptible to remote attacks such as phishing, credential stuffing and various forms of social engineering that frankly are difficult if not impossible for the average user to detect.

Editor's comments:

• The weakest link in the whole episode of data breaches associated with password-based authentication is when a trusted server encountered data breaches and passwords of login accounts got leaked out to the black market. When this happens, the server owner will make a public announcement on the incident, and forces all users to change the login passwords.
• And this type of data breach accounts for majority of the incidents, whilst it is possible that a password could be stolen from an individual PC infected with malware, such incidents are usually unreported and unheard of,usually is just a hypothesis.