Ahead of World Passkey Day 2025, the FIDO Alliance commissioned an independent survey of1,389 peopleacross theU.S., U.K., China, South Korea, and Japan to provide additional insights into how authentication preferences are evolving in real time.

The research shows people continue to struggle with traditional passwords:

• 36%of respondents said they’ve had at least one account compromised due to weak or stolen passwords.
• 48%admitted they’ve abandoned an online purchase simply because they forgot their password.

Read the full results of the survey in this eBook.

Key findings

• Enterprises understand the value of passkeys and the majority are rolling out passkeys for workforce sign-ins: The majority have either deployed or are in the midst of deploying passkeys with goals tied to improved user experience, enhanced security, and standards/regulatory compliance. Those that are deploying are rolling out a mix of device-bound and synced passkeys. 
• Enterprises are prioritizing passkey rollouts to users with access to sensitive data and applications, and are leveraging communication, training and documentation to increase adoption.
• Enterprises are reporting significant security and business benefits after rolling out passkeys: they report positive impacts on user experience, security, cost reduction, productivity and digital transformation goals — and are seeing declines in usage of legacy authentication methods. Interestingly, these benefits directly correlate with what businesses who aren’t yet using passkeys dislike most about their current authentication methods: that they can be compromised, are costly, and difficult to use.  
• Organizations that do not have active passkey projects cite complexity, costs and overall lack of clarity about implementation as reasons, signaling a need for increased education to enterprises on rollout strategies to reduce concerns.

Registrants can watch the webinar on demand.

Global FIDO Alliance study reveals latest consumer trends and attitudes towards authentication methods and their perceived online security

Key findings

• Passkey familiarity growing – In the two years since passkeys were announced and made available for consumer use, passkey awareness has risen by 50%, from 39% familiar in 2022 to 57% in 2024.
• Password usage stagnates as consumers favor alternatives – The majority of those familiar with passkeys are enabling the technology to sign in. Meanwhile, despite passwords remaining the most common way for account sign-in, usage overall has declined as alternatives rise in availability.
• Waning password patience is costing sales and loyalty, especially among younger consumers – 42% of people have abandoned a purchase at least once in the past month because they could not remember their password. This increases to 50% for those aged 25- 34 versus just 17% for over 65s.
• Online scams and AI alarming consumers – Over half of consumers reported an increase in the number of suspicious messages they notice and an increase in scam sophistication, driven by AI. Younger generations are even more likely to agree, while older generations remain unsure how AI impacts their online security.

Online identity theft has steadily risen in recent years, while the generative AI boom has driven a new wave of deepfake-powered attacks that threaten remote enrollment and identity security. Meanwhile, bias in biometric systems has been monitored for some time, varying significantly across solutions and impacting consumer trust and perception of the technology.

As the adoption of remote identity verification technology rises, two critical concerns and challenges need to be addressed: bias and new security threats.

The FIDO Alliance recently sponsored an independent study of 2,000 respondents across the U.S. and the U.K. to understand consumer perception towards remote identity verification, online security, and biometrics. This eBook reveals those insights on remote biometric face verification, including how many people have used biometric face recognition successfully, and their opinions on verification accuracy, potential discrimination, and concerns about deepfakes.

Key findings

• Consumers want to use biometrics to verify themselves online more, especially in sensitive use cases like financial services – where one out of two people said they would use biometric technology (48%).
• One in four feel they experience regular discrimination when using automated facial biometric systems (25%).
• Equity in biometric systems is vital to trust – with half saying they would lose trust in a brand or institution (50%), with one out of five saying they’d stop using a service entirely if found to have a biased biometric system (22%).
• Over half of respondents are concerned about deepfakes when verifying identities online (52%).

Read the full results of the survey in this eBook and learn about these consumers’ experiences with biometric face verification technologies, and discover how organizations can improve global digital access, authentication, and security when leveraging these remote identity verification technologies.

To commemorate World Password Day 2024, the FIDO Alliance released an independent study of 2,000 people across the U.S. and U.K. to understand how passkey usage and consumer attitudes towards authentication are evolving. This eBook reveals the 2024 trends with consumer passkey awareness, including how many people have adopted passkeys and their opinions on the new era of passwordless authentication.

Highlights from the research show consumer passkey awareness and adoption are on the rise:

• A majority of people are aware of passkey technology (62%).
• Over half reported enabling passkeys on at least one of their accounts (53%).
• When they adopt at least one passkey, nearly 1 out of 4 enables a passkey whenever possible (23%).
• A majority believe passkeys are more secure (61%) and more convenient than passwords (58%).

Read the full results of the survey in this eBook and learn how passkey adoption is trending with consumers and organizations to improve global digital access, authentication, and security.

The FIDO Alliance maintains a large database of industry statistics related to legacy authentication methods, as well as successes companies have achieved by deploying FIDO. The statistics on the Alliance homepage come from these sources: 

The Password Problem

77%

Hacking-related breaches involve stolen credentials

Source: 2024 Verizon Data Breach Report

4,151%

Rise in malicious phishing emails since ChatGPT launched in 2022

Source: SlashNext 2024 State of Phishing Report

856%

Rise in malicious emails in the last six months

Source: SlashNext 2024 State of Phishing Report

53%

Consumers have detected more suspicious messages and online scams in 2024

Source: FIDO Alliance 2024 Authentication Barometer

The Benefits of FIDO are Clear

82%

Faster sign-in times

Source: Mercari 

93%

Higher sign-in success rate

Source: eBay

4x

Improvement in sign-in success rate (vs passwords)

Source: Google

50%

Reduction in abandonment rates

Source: Air New Zealand

0%

Number of credential stuffing attacks*

Source: Air New Zealand

0%

Number of phishing attacks*

Source: Mercoin

95%

Password reset reduction

Source: HYPR

*100% passwordless environments

In research conducted alongside LastPass, we dig into understanding:

• Why businesses are looking to passwordless authentication to secure their data;
• How and when they plan on implementing passwordless technology within their organization;
• The important role of passkeys in this passwordless future.

Increased desire for biometrics and awareness of passkeys increases imperative on service providers to enable stronger, more user-friendly sign-ins

Summary of key findings: 

• Password usage without two-factor authentication (2FA) is still dominant across use cases – consumers enter a password manually nearly 4 times a day, or 1,280 times a year
• But when given the option, users want other authentication methods – biometrics is both the preferred method for consumers to log-in and what they believe is most secure, while awareness of passkeys continues to grow
• Online scams are becoming more frequent and more sophisticated, likely fuelled by AI – over half (54%) have seen an increase in suspicious messages and scams, while 52% believe they have become more sophisticated
• The impact of legacy sign-in methods is getting worse – the majority of people are abandoning purchases and giving up accessing services online – this is 15% more likely than last year at nearly four times per month per person

October 16, 2023 – FIDO Alliance today publishes its third annual Online Authentication Barometer, which gathers insights into the state of online authentication in ten countries across the globe. New to the Barometer this year, FIDO Alliance has also begun tracking consumer perception of threats and scams online in a bid to understand anticipated threat levels globally. 

Key findings 

The 2023 Online Authentication Barometer found that despite widespread usage of passwords lingering on, consumers want to use stronger, more user-friendly alternatives. Entering a password manually without any form of additional authentication was the most commonly used authentication method across the use cases tracked – including accessing work computers and accounts (37%), streaming services (25%), social media (26%), and smart home devices (17%). Consumers enter a password manually nearly four times a day on average, or around 1,280 times a year. The only exceptional scenario to this trend was financial services, where biometrics (33%) narrowly beat passwords (31%)* as the most used sign-in method. 

This is especially interesting considering biometrics’ rising popularity as an authentication method. When asked what authentication method people consider most secure and the method they most prefer using, biometrics ranked as favourite in both categories, rising around 5% in popularity since last year. This suggests that consumers want to use biometrics more but don’t currently have the opportunity.  

“This year’s Barometer data showed promising signs of shifting consumer attitudes and desire to use stronger authentication methods, with biometrics especially proving popular. That said, high password usage without 2FA worryingly reflects how little consumers are still being offered alternatives like biometrics, resulting in lingering usage,” commented Andrew Shikiar, Executive Director and CMO at FIDO Alliance. 

Scams are getting more frequent and more sophisticated – likely fuelled by AI 

This year’s Barometer also unearthed consumer perception of threats and scams online. 54% of people have noticed an increase in suspicious messages and scams online, while 52% believe these have become more sophisticated. 

Threats are seen to be active across several channels, but primarily email, SMS messages, social media, and fake phone or voicemails. The increased accessibility of generative AI tools is a likely driver of this rise in scams and phishing threats. Tools like FraudGPT and WormGPT, which have been created and shared on the dark web explicitly for use in cybercrime, have made crafting compelling social engineering attacks far simpler, more sophisticated, and easier to do at scale. Deepfake voice and video are also being used to bolster social engineering attacks, tricking people into thinking they are talking to a known trusted person.  

Shikiar added: “Phishing is still by far the most used and effective cyberattack technique, which means passwords are vulnerable regardless of their complexity. With highly accessible generative AI tools now offering bad actors the means to make more convincing and scalable attacks, it’s imperative consumers and service providers listen to consumers and start to look at non-phishable and frictionless solutions like passkeys and on-device biometrics more readily available, rather than iterating on ultimately flawed legacy authentication like passwords and OTPs.” 

Passkeys, which provide secure and convenient passwordless sign-ins to online services, have grown in consumer awareness despite still being live just over a year, rising from 39% in 2022 to 52% awareness today. The non-phishable authentication method has been publicly backed by many big players in the industry – Google recently announced that passkeys are now available for all its users to move away from passwords and two-step verification, as has Apple, with other brands like PayPal also making these available to consumers in the last twelve months.  

The impact of legacy sign-ins worsens for businesses and consumers 

The negative impact caused by legacy user authentication was also revealed to be getting worse. 59% of people have given up accessing an online service  and 43% have abandoned a purchase in the last 60 days, with the frequency of these instances rising year on year to nearly four times per month, per person, up by around 15% on last year. Poor online experiences are ultimately hitting businesses’ bottom lines and causing frustration among consumers. 

70% of people have had to reset and recover passwords in the last two months because they’d forgotten them, further highlighting how inconvenient passwords are and their role as a primary barrier to a seamless online user experience. 

ENDS

Notes to editors:

• Research for the FIDO Alliance’s Online Authentication Barometer was conducted by Sapio Research among 10,010 consumers across the UK, France, Germany, US, Australia, Singapore, Japan, South Korea, India and China.
• *The answer option “Logging in via social sign-in” has been disregarded for the question specific to social media accounts, due to the answer option being included through an error 

About the FIDO Alliance 

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

PR Contact 
press@fidoalliance.org

As part of this project, we wanted to learn more about consumer attitudes and habits around authentication. What are their password habits? What do they think about the FIDO approach? Do they want to see FIDO at login?

To find out, we conducted a survey of 1,000 U.S. consumers, and created a research report. View the report here.

Download the “2019 State of Authentication Report” by Javelin Research The report, sponsored by FIDO Alliance, analyzes the state of customer and enterprise (employee) authentication amongst U.S. businesses. It examines how strong authentication is evolving, and offers a detailed breakdown on the factors influencing industries’ adoption of authentication solutions.

Javelin Strategy & Research’s “The State of Strong Authentication 2019″ contains an analysis on the state of consumer and enterprise authentication among U.S. businesses and the role that strong authentication is playing in protecting accounts and securing access to valuable data and critical systems.

Download the report now to find out:

• What technologies enterprise and consumer-facing businesses should be considering for strong authentication, including cryptographically-backed authentication and how it differs from traditional forms of authentication like SMS OTPs

• The role of regulation including PSD2, GDPR and state privacy laws in driving strong authentication adoption

• What strong authentication holdouts should know about data protection and threats in 2019

• How cryptographically-backed strong authentication has been standardized by FIDO Alliance and W3C, and is available today in browsers and mobile app platforms

• How Google, Tradelink, and Visa are using FIDO standards to provide stronger protection for customer and employee accounts

Download the “The State of Authentication Report”