An event powered by
Close this search box.

Passwords are no longer sufficient alone to protect accounts, and we know it

Biometric technology will see an esponential rise by 2025, says a Lawless Research


This research shows that passwords are no longer sufficient alone to protect and secure accounts. Stolen credentials and weak passwords have made companies vulnerable to online attacks, with nine in ten companies victimized by fraud in the past year. Cybercrime exacts a high cost on businesses in the form of financial losses, damage to brand and loss of customers.

To protect their users and thwart fraudsters, businesses are using multiple layers of authentication including two-factor authentication and newer technologies such as behavioral biometrics. Companies are adopting behavioral biometrics to prevent fraudulent transactions, add a layer of security and prevent account takeovers.

Study Highlights

Passwords are no longer sufficient alone to protect accounts

  • 69% of companies say that usernames and passwords alone no longer
    provide sufficient security
  • 3 in 4 companies employ usernames and passwords, but only 7% of companies rely solely on usernames and passwords
  • 36% of companies foresee that they will do away with passwords in 1 to 4 years, and another 36% predict they will no longer use them in 5 to 9 years.
  • Passwords are a high-friction authentication method—companies say their users are frustrated by forgetting their username and password (58%) and entering their username and password (30%)

Fraud is pervasive and the impacts are high

  •  In the past year, 90% of companies experienced fraud—the most common types are spam or phishing attacks (42%), payment or credit card fraud (35%) and fake account fraud (29%)
  • The impact of fraud is high, with 42% of companies saying they experienced financial losses
  • Fraud also increased employee time to correct the fraud (45%) and caused a loss of user trust (34%)
  • 79% are extremely or very concerned about account takeovers (ATOs)
  • 28% of companies were victims of account takeover and costs were higher for these companies—51% had financial losses, 42% lost customers or users, and 42% experienced damage to the company brand

Multi-layer authentication is standard practice for augmenting password security

  • Companies use an average of 3.4 methods to authenticate users; companies with 10 million or more users employ an average of 4.3 methods.
  • 86% of companies are extremely or very concerned about authenticating the identity of web and mobile app users.
  • After username and password (74%), knowledge-based authentication (50%), CAPTCHA (44%), and two-factor authentication (41%) are the most commonly used authentication methods.
  • The top selection criteria for authentication solutions are effectiveness (53%), functional capabilities (28%) and user experience (26%). Use of behavioral biometrics is poised to grow dramatically
  • 76% of companies have implemented or plan to implement behavioral biometric: 22% are already using the technology and 54% plan to implement behavioral biometrics in 2016 or later
  • 90% of respondents rate behavioral biometrics as an extremely or very valuable technology for increasing account security beyond password protection.
  • 83% agree that behavioral biometrics would increase security without adding friction to the user experience. Majority of companies will be using two-factor authentication within the next 12 months
  • 44% of companies are likely to implement 2FA within the year, adding to the 41% of companies that already have 2FA in place.
  • 92% of respondents agree that 2FA combined with passwords increases account security

Key findings

Use of behavioral biometrics is poised to grow dramatically. Behavioral biometrics has emerged as a secure, frictionless method to stop increasingly savvy fraudsters from hijacking legitimate user accounts. Behavioral biometrics is designed to prevent account takeovers by continuously authenticating web and mobile app users.

The technology works by recognizing users based on their behavior patterns, such as keystrokes, mouse dynamics and screen interactions. It then uses these patterns to identify anomalies between “approved” users and “bad actors.” User experience is an important selection criteria and organizations recognize the value of behavioral biometrics as a way to increase account security without degrading the user experience.

Two in 10 companies have implemented behavioral biometrics and another five in 10 plan to add it as part of their multilayer authentication strategy. The primary drivers for
implementation are to prevent fraudulent transactions, add another layer of security and prevent account takeovers.

Read the full research here


cover photo by Markus Spiske on Unsplash


Maker Faire Rome – The European Edition has been committed since eight editions to make innovation accessible and usable to all, with the aim of not leaving anyone behind. Its blog is always updated and full of opportunities and inspiration for makers, makers, startups, SMEs and all the curious ones who wish to enrich their knowledge and expand their business, in Italy and abroad.

Follow us, subscribe to our newsletter: we promise to let just the right content for you to reach your inbox