Auth0, a global leader in Identity-as-a-Service (IDaaS), today announced key findings on how companies are approaching the Customer Login Experience as new technologies like Passwordless, Multifactor Authentication, and social login options become more prevalent. According to anonymized data collected in May from a large sampling of Auth0 customers across all verticals, including financial services, media, retail, transportation, SaaS, and more, Auth0 found that companies are eager to embrace and adopt methods for streamlining the login process, suggesting that we should see an increase in passwordless usage in the near future.
The emergence of FIDO 2.0 and WebAuthn have encouraged more companies to take the leap into a passwordless future. Auth0’s customers are leading the charge, with 19.4 percent already using its Passwordless feature, allowing developers to easily enable sign-in to apps without the need for passwords – a feature that Auth0 has offered since 2015.
The shift toward passwordless is a strategic one, considering that password changes are quite common for Auth0’s customers that use them as a login method. Customers in the staffing & recruiting industry see 48.21 percent of their customers requesting a password change, followed by transportation (39.79 percent), federal (23.01 percent), and financial services (18.58 percent), the most common reason being forgotten passwords. “Gartner predicts that, through the end of 2020, enterprises that invest in new authentication methods and compensating controls will experience 50% fewer identity-related security breaches than peers that do not (Gartner).”1
As the industry evolves to a possibly passwordless future, the current state of the industry still finds a predominant use of passwords as the primary means of logging in. Before making the leap into passwordless, many companies have implemented social login as an easier way to consolidate secure logins.
Auth0 provides support for 30+ social providers, which 72 percent of its customers take advantage of, easing the login process for their users. The top five most widely used social login sites for Auth0 customers are: Google (60.3 percent), Facebook (24.1 percent), LinkedIn (8.8 percent), GitHub (7.1 percent), and Windows Live (6.8 percent). These percentages may shift in coming months based on recent news about how Cambridge Analytica handled Facebook data, which is a cautionary tale for organizations about the implications of data breaches.
With the prevalence of passwords still being used, the best way to protect identity credentials is to employ a feature like Multifactor Authentication (MFA), which only 11.4 percent of Auth0 customers currently provide to their users. Of these customers, the top three industries consist of healthcare, manufacturing, followed by government. Adoption rates of MFA are on the low end due to the perception of added friction it supposedly creates for users, but it’s a critical feature for stopping phishing attacks, as well as decreasing the probability of getting hacked. In addition to this essential security layer, customers are relying on additional risk-based MFA that accommodates factors such as geographic location, IP filtering, type of device, which is a huge benefit with today’s global workforce.
“The login experience is continually changing based on user demand and the need to protect against today’s sophisticated cybercriminal landscape. Passwordless is a signal of the kind of industry change we are all heading toward,” said Martin Gontovnikas, VP of Marketing and Growth at Auth0. “The insights we continually gather from our fantastic in-house data team fuel the continued innovation of our platform so customers stay several steps ahead in this constantly changing industry.”
1 Gartner Smarter with Gartner, Aim for a Workable Password Policy, Not a Perfect One October 9, 2017, https://www.gartner.com/smarterwithgartner/aim-for-a-workable-password-policy-not-a-perfect-one/