MOUNTAIN VIEW, CA, April 8, 2021 —  The FIDO Alliance announced new research today revealing that 45% of consumers have had their social media accounts compromised or know a friend or family member who has. The same research found that almost 60% of respondents were the most concerned about protecting their phones (over another device) when it comes to the security of their social media accounts. Over 4000 people in North America, the UK, France and Germany were polled in March 2021 for the research. 

The findings reveal the larger scale of the social media security problem, following several attacks on the social media accounts of high-profile individuals in recent months, including Elon Musk, Bill Gates, Jack Dorsey, and senior NHS leaders. The research shows that these attacks are not limited to the highest profile individuals.

Despite this, the FIDO Alliance research shows that social media hacks are not necessarily prompting consumers to take security action. This research shows that 40% of consumers do not increase security on their social media accounts when they see celebrities, politicians or large companies hacked, but feel like they should.  

“You may think that well-known individuals with mass followings are the only target, but our research shows that a much larger number of people have been affected,” said Andrew Shikiar, executive director of the FIDO Alliance. “Social media accounts are prime targets, as they hold so much of a user’s personally identifiable information (PII). Yet, our research shows a disconnect between the need for stronger security for social media accounts and consumer awareness of how to take action.” 

The FIDO Alliance research identified a substantial lack of awareness and neglect for the use of two-factor authentication technologies offered by social media service providers. 26% of people said they were either not familiar with two-factor options or not using them. Similarly, some respondents (15%) said they would like to increase the security of their accounts but don’t know how. Another finding which highlights this lack of understanding or awareness on these issues, was the fact that 4 out of 10 people could not make a judgement on whether they believed they were vulnerable or not to a social media hack. 

For those who have taken action to better secure their social accounts, creating a stronger password was the most popular method for 50% of the respondents, an action that still leaves them vulnerable to some of the most common and effective attacks, such as phishing.

Shikiar says, “The research is showing us that there is a general lack of awareness among consumers about how to assess their own risk of falling victim to social media hacks. They are also unsure as to what steps should be taken to best protect their accounts. Social media platforms like Twitter and Facebook have made much stronger security options available. Consumers just need to know what they are, how easy they are to use and how to turn them on.”

For consumers that want to increase the security of their accounts, social media platforms provide a number of options with varying levels of protection:

• All social media services offer basic two-factor authentication options via a one-time passcode. Once this is turned on, an SMS code is sent to the user’s mobile device and entered during sign-in. Because SMS codes are still able to be phished, accounts are still vulnerable to targeted attacks.
• For maximum security, social media providers are increasingly adding support for physical FIDO security keys. These are small, portable high-security devices that connect to a phone or computer via USB, Bluetooth or NFC. Simply touching this device during sign-in protects accounts from a targeted attack 100% of the time. Most social media services, including Twitter and Facebook, now offer the option to enable FIDO security keys for mobile and desktop access.

Since its inception, the FIDO Alliance has established technical specifications that are now the trusted standard for user authentication on the devices and web browsers used every day. FIDO Authentication removes the reliance on passwords and stands to turn the tide in the industry’s battle against data breaches and credential theft. In 2020, the Alliance debuted loginwithFIDO.com, a site to inform consumers about FIDO Authentication technologies available to help them secure their authentication processes.

For a full copy of the FIDO Alliance Consumer Research Report: https://fidoalliance.org/social-media-survey. 

Methodology

The survey was conducted among 4,026 Consumers across the UK, US, France, and Germany.

The interviews were conducted online by Sapio Research in March 2021 using an email invitation and an online survey.

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

The post New FIDO Alliance Research Finds 45% of Consumers Have Fallen Victim To Social Media Hacks Or Know Someone Who Has appeared first on FIDO Alliance.

As part of this project, we wanted to learn more about consumer attitudes and habits around authentication. What are their password habits? What do they think about the FIDO approach? Do they want to see FIDO at login?

To find out, we conducted a survey of 1,000 U.S. consumers, and created a research report.

The post Authentication Attitudes, Usage & FIDO Brand Research Report appeared first on FIDO Alliance.

To find out, we conducted a survey of 1,000 U.S. consumers – the results of which were shared on this webinar. These slides include the findings from our research and how you may be able to utilize the data for your own FIDO offerings and/or deployments. Find the slides here.

The post Webinar: Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com appeared first on FIDO Alliance.

To find out, we conducted a survey of 1,000 U.S. consumers – the results of which were shared on this webinar. These slides include the findings from our research and how you may be able to utilize the data for your own FIDO offerings and/or deployments. Find the video here.

The post Webinar: Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com appeared first on FIDO Alliance.

Get the answer to this question and more in this video on the report, featuring Al Pascual, senior vice president and research director, Javelin Strategy & Research and Andrew Shikiar, CMO, FIDO Alliance. These speakers share analysis on the state of consumer and enterprise authentication among U.S. businesses and the role that strong authentication is playing in protecting accounts and securing access to valuable data and critical systems.

The post Javelin Research’s State of Strong Authentication 2019 Report appeared first on FIDO Alliance.

Get the answer to this question and more in this video on the report, featuring Al Pascual, senior vice president and research director, Javelin Strategy & Research and Andrew Shikiar, CMO, FIDO Alliance. These speakers share analysis on the state of consumer and enterprise authentication among U.S. businesses and the role that strong authentication is playing in protecting accounts and securing access to valuable data and critical systems.

The post Javelin Research’s State of Strong Authentication 2019 Report appeared first on FIDO Alliance.

Download the “2019 State of Authentication Report” by Javelin Research The report, sponsored by FIDO Alliance, analyzes the state of customer and enterprise (employee) authentication amongst U.S. businesses. It examines how strong authentication is evolving, and offers a detailed breakdown on the factors influencing industries’ adoption of authentication solutions.

Javelin Strategy & Research’s “The State of Strong Authentication 2019″ contains an analysis on the state of consumer and enterprise authentication among U.S. businesses and the role that strong authentication is playing in protecting accounts and securing access to valuable data and critical systems.

Download the report now to find out:

• What technologies enterprise and consumer-facing businesses should be considering for strong authentication, including cryptographically-backed authentication and how it differs from traditional forms of authentication like SMS OTPs

• The role of regulation including PSD2, GDPR and state privacy laws in driving strong authentication adoption

• What strong authentication holdouts should know about data protection and threats in 2019

• How cryptographically-backed strong authentication has been standardized by FIDO Alliance and W3C, and is available today in browsers and mobile app platforms

• How Google, Tradelink, and Visa are using FIDO standards to provide stronger protection for customer and employee accounts

Download the “The State of Authentication Report”

The post The State of Strong Authentication 2019 Report appeared first on FIDO Alliance.

Last month, the FIDO Alliance was in Tokyo where we hosted a standing-room-only seminar to inform key industry stakeholders of the latest updates around FIDO Authentication and activities in Japan. From the news shared, it’s very clear that 2017 was a year of great progress for FIDO Authentication in Japan, particularly in fintech. This is in line with what we’re seeing globally, where organizations are recognizing they need to reduce their reliance on passwords and other older forms of authentication, and move towards FIDO Authentication that is stronger and easier to use.  

The first example of this is the growing membership in the FIDO Japan Working Group (FJWG), which was formed in December of 2016 and is the center of the FIDO Alliance’s business activities in Japan. Membership in the FJWG more than doubled to 25 companies this year, consisting of many global leading organizations with vested interest in the Japanese market. Most recently, Japan’s only international payment brand, JCB, joined and is actively taking part in working group activities. Additionally, mobile network operator KDDI has joined FIDO as a member – meaning that all three of Japan’s MNOs are now actively taking part in the organization.

The Alliance and the FJWG is clearly making an impact, as deployments of FIDO Authentication by major organizations has accelerated in Japan (and throughout Asia) over the past year. Most often these deployments utilize FIDO biometric authentication on mobile devices. Some examples of FIDO rollouts this year include:

• Fujitsu launched “Finplex Online Authentication Service for FIDO,” which was adopted by Mizuho Bank’s “Mizuho Direct” application for customer login

• NEC Corporation deployed FIDO authentication for mobile identity proofing based on face recognition, which is starting to be utilized by the Bank of Okinawa

• Dai Nippon Printing Co., Ltd. (DNP) announced the launch of an identity proofing service based on FIDO authentication which is an active Proof of Concept with the Japan Net Bank, Ltd.

Notably, the Alliance also announced the first certified implementation of FIDO UAF 1.1. NTT DOCOMO now supports the protocol in its d ACCOUNT() application. This implementation showcases an important enhancement to the FIDO UAF specification — support for native hardware-backed key attestation in Android 8.0. This means that all developers and service providers now have APIs for adding FIDO Authentication to native applications they build on any Android 8.0 (or later) device. This brings substantial time and cost savings over past implementations that required custom integration for each device model to enable FIDO UAF authentication capabilities. Get all of the details on this important news at https://fidoalliance.org/first-fido-uaf-1-1-implementations-ease-deployment-advanced-biometric-authentication-android-devices/

From these roll outs, tens of millions of online users in the Japanese market are now experiencing the more secure, faster and convenient experiences that FIDO Authentication provides — while deploying organizations enjoy the benefit of lower fraud risk.

The post Commercial Momentum for FIDO Authentication Accelerates in Japan appeared first on FIDO Alliance.

MONEY20/20 LAS VEGAS, October 24, 2017 — Businesses are continuing to rely on passwords, and those that are implementing additional authentication factors are choosing outdated options like static questions and SMS one-time passwords (OTPs) that leave them vulnerable to data breaches, according to Javelin Strategy & Research’s new “2017 State of Authentication Report” released today. Javelin recommends businesses adopt readily-available high-assurance strong authentication, which utilizes public key cryptography as one of multiple factors, to bolster security in light of increasingly effective attacks against traditional authentication methods.

The report, sponsored by the FIDO Alliance, analyzes the state of customer and enterprise (employee) authentication amongst U.S. businesses. It examines how strong authentication is evolving, and offers a detailed breakdown on the factors influencing industries’ adoption of authentication solutions. It is available for download at https://fidoalliance.org/2017-state-authentication-report/.

The report’s key findings show:

• In most cases the only thing between company IP and hackers is a password: The mass compromise of passwords has contributed to increased risk of fraud on consumer accounts and network-level attacks from credential-stuffing botnet attacks, yet over half of all businesses still use only passwords to protect company IP and financial data.
• Companies are more likely to offer strong authentication to their customers than their employees within the enterprise, but both segments are lagging in adopting high-assurance strong authentication: 50 percent of businesses offer at least two factors when authenticating their customers but only 35 percent of enterprises use two or more factors for authenticating their employees to data and systems. Amongst both, high-assurance strong authentication is rare — only five percent of businesses offer the capability to customers or leverage it within the enterprise.
• Companies still rely upon knowledge and not possession: The weakest authentication factors remain the most popular and common, and they’re based on knowledge, not possession. Businesses are using passwords plus static questions (31 percent) or SMS OTPs (25 percent) as their additional factors for customer authentication online. In enterprise, the next most common authentication method to passwords is static questions (26 percent). Factors predicated on possession such as a security key or on-device biometrics remain the exception and not the norm.
• Integration and user experience are the priority: Companies’ implementation of authentication solutions is mostly driven by a solution’s ease of integration, according to the report. Also, if a solution has a perceived negative impact on the user experience, companies will resort to the easier second factors like static security questions.

“Not all multi-factor authentication combinations are created equal, and it’s time to set a new yardstick with which to measure strong authentication methods, with the strongest deemed ‘high assurance’,” said Al Pascual, senior vice president and research director, Javelin Strategy & Research. “Many consumer devices are coming equipped with built-in capabilities that enable high-assurance strong authentication, reducing costs and complexity for all stakeholders. We believe that the adoption of high-assurance strong authentication will only increase in the months and years to come — and data breaches as the result of credential theft to decline.”

High-assurance strong authentication is not susceptible to phishing, man-in-the-middle and/or other attacks targeting credentials — which are known vulnerabilities with passwords, static questions and OTPs. Javelin recommends companies strongly consider high-assurance strong authentication:

• To bolster authentication after a breach. Supplement and possibly knowledge factor solutions. In the event of a breach, businesses would do well to layer additional, high-assurance authentication solutions simultaneously with their remediation plan.
• As a differentiator when emphasizing the value proposition with prospective clients. Using high-assurance strong authentication is both an effective preventative measure and a message to prospects and clients that they are safe doing business with a vendor.
• Where it counts within the enterprise. Anything internet-facing and internal systems that are attractive targets for insider threats should have high-assurance strong authentication.

“So many of our commercial transactions today take place over the internet, and we’ve seen time and again that passwords, and even one-time-passcodes, do not provide sufficient protection against today’s threats,” said Brett McDowell, executive director, FIDO Alliance. “Stronger ‘high-assurance’ authentication options that bind credentials to the device so they cannot be stolen are now widely available and this report provides businesses a clear guide to make those options available to both customers and employees.”

Javelin’s Al Pascual and the FIDO Alliance’s Brett McDowell will discuss the “2017 State of Authentication Report” during a workshop, “Identity is Fundamental: What You Need to Know About Identity & The Future of Money” on Oct. 25 at Money20/20. For more details, visit: https://us.money2020.com/sessions/identity-is-fundamental-what-you-need-to-know-about-identity-the-future-of-money

Anyone interested taking a deep dive into the 2017 State of Authentication Report should attend a free webinar on Thursday, Nov. 16 at 12:00pm ET. Register here for the Javelin Research 2017 State of Authentication Report Webinar. 

Report methodology:

The “2017 State of Authentication Report” was developed by Javelin Strategy & Research and sponsored by the FIDO Alliance. The report findings are based on data and insights gathered from two online surveys of 200 businesses who possess authenticated customer online or mobile portals and 200 businesses who possess authenticated employee portals. Findings are also augmented by in-depth interviews conducted with industry executives in roles influencing enterprise authentication policies.  The definition of High Assurance Strong Authentication is based on updated guidance from the National Institute of Standards and Technology (NIST SP800-63-3).

About FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

The post Javelin Study Finds Authentication at Crossroads as Password Reliance Persists, Availability for Stronger Options Increases appeared first on FIDO Alliance.

The post Javelin Strategy & Research’s 2017 State of Authentication Report appeared first on FIDO Alliance.