Have you adopted access keys or passkeys to secure your online accounts? If so, you are far from alone. Awareness and adoption of passkeys has increased since their introduction two years ago, according to a new survey from the FIDO Alliance.
For its fourth annual Online Authentication Barometer, the FIDO Alliance commissioned Sapio Research to conduct a survey to gather feedback on access keys, passwords and online security. The survey was conducted among 10,000 consumers in the United States, United Kingdom, France, Germany, Australia, Singapore, Japan, South Korea, India and China.
Password usage on the decline
More than half (57%) of respondents said they were aware of the existence of access keys, compared to 39% in 2022. Only 16% of respondents said they were unaware of the existence of access keys, compared to 28 % two years ago. Of those who know what passkeys are, 62% said they use them to secure their website and app accounts.
At the same time, the use of passwords has declined. The average percentage of respondents who manually entered a password in the past two months fell to 28% this year, compared to 38% in 2022. The need to manually enter a password is declining across various sites and apps, including financial services, business accounts, social media accounts, media and streaming services, and smart home assistants.
« Users are increasingly aware of access keys and are prioritizing their personal cybersecurity by integrating more and more access keys into their digital routines “, explains Darren Guccione, CEO and co-founder of Keeper Security.
Popular biometrics
« Access keys work using public key cryptography, where each access key consists of a private key stored locally on the device you used to create the access key, as well as a public key that is stored with the company you created your account with. This means that even in the event of a breach, cybercriminals can only access the public key, which is essentially useless without the private key. »
Security is one of the main reasons for the adoption of passkeys which typically rely on some form of biometric authentication, which is considered more secure and less hackable than passwords.
When asked which authentication methods they consider to be the most secure, 29% of respondents cited biometrics. Only 15% cited a complex password that only they would remember, while 14% cited a one-time passcode sent to their mobile device.
Methods considered less secure include autofilling a browser form to enter a password, an authenticator app, a password manager, a physical security key, and a QR code.
Users increasingly aware of threats and their sophistication
« Passwords and multi-factor authentication (MFA) raise the bar for difficulty for attackers, but are not perfect », Estimates Jason Soroko, senior member of Sectigo.
According to the survey, online scams and threats are a growing concern for consumers. More than half (53%) of those surveyed said they had seen an increase in suspicious messages and online scams this year.
Areas cited as riskier include text messages, emails, phone and voice messages, social media, instant messaging, Facebook Messenger, fake ads and fake articles. Additionally, more than half of respondents said they had seen greater sophistication around suspicious messages.
« When consumers know the access keys, they use them said Andrew Shikiar, CEO of FIDO Alliance.
« Interestingly, 20% of the world’s top 100 websites and services already support passkeys. As the industry accelerates its efforts to educate and simplify deployment, we encourage more brands to work with us to make Access Keys available to consumers. The pace of passkey deployment and usage is expected to accelerate further over the next 12 months, and we look forward to helping brands and consumers make the transition. »
