Hi, welcome to the webinar Beyond Passwords, Revolutionizing Consumer Authentication. My name is Alejandro Leal, I'm a Research Analyst at KuppingerCole and I would like to share with you some of the latest insights and market trends in this Passwordless for Consumers topic. Two months ago in May, I published a Leadership Compass report on this topic. We had 28 vendors participating, so I will share with you some of the results later in this webinar. But before we begin, just a few things to keep in mind. There's no need to mute or unmute yourself.
All of you are muted centrally, we are controlling these features. We will also be conducting three poll questions, so I would like to encourage you all to participate. It's good for us to get your perspectives and it's going to help us in our research. And we're going to be sharing the results of the polls during the Q&A at the end of the webinar, so you also have a chance to enter questions at any time using the GoToWebinar control panel. And since we're going to be recording the webinar in the next coming days, you'll be able to take a look at the recording as well as the slide deck.
Here's the agenda for today. Pretty simple. We're not going to talk much about why passwords are bad. I think we can all agree on that, and I'm sure that most of you here today are already well-educated in this topic. So we're going to be talking more about Passwordless in the consumer space. We'll also go into detail on the market trends that we see. And at the end of the webinar, we'll be sharing some of the results of the Leadership Compass report. But before we begin, here is the first poll question.
So which of the following best describes your organization's approach to consumer authentication? Passwordless authentication, MFA, including passwords, just username and password, or other, slash, not sure. I'm going to give you 15 seconds, and then we'll move on to the next slide.
Okay, moving on. I wanted to have some sort of motivational quote. I had this slide at the EIC in Berlin two months ago. I had a session on Passwordless, comparing the employee versus the consumer expectations. And when I was working on my slide deck, I asked Chad GPT if I could get a philosophical quote that represents the emergence of Passwordless authentication solutions. And he came up with this quote by Nietzsche. And I think it accurately represents the lost in faith of passwords. The industry has been talking about eliminating and replacing passwords for years, if not decades.
But we still use passwords. But I think the point here, the main takeaway is that the industry, and all of you here today, no longer believe in passwords. And what remains to be seen is how fast can we move into a passwordless future? In the next slide, we have some of the market findings that we've done. We conduct some surveys in the past, and we asked users and organizations about the primary driver for adopting passwordless authentication. And it seems like the most common thing is user experience.
Honestly, I think I would love to see the improved security increase a bit more. During the EIC, I had conversations with many passwordless vendors. And one of the main topics of conversation was account recovery. We talked about how most of the vendors that appear in the report, they still provide username and password to their customers, either for authentication or for account recovery, because they tell me that that's what their customers want. So they want to provide that option just in case. And of course, they provide several other options that are more secure.
But in my opinion, and that's something I told them, and something I also mentioned in my session at the EIC, was that if we really want to move to a passwordless future, we should not even provide username and password as an option. We need to educate people, because some of them might see username slash password as convenient, as easy. They know how to do it. They've been doing it for years. So why not? And I think the point here is to increase adoption by educating these users.
And for example, this morning, I got an email by very famous ticket sales and distribution company that had a major incident over the past few months. And the email said that my account information was breached. And they recommended me to do multiple things. And I'm not the only one who was affected. There were millions of people. And one of the things they recommended was to change my password. And I think that some of the people that were affected, they have the tendency to reuse their passwords.
So not only the cyber criminals are in possession of personal information, but they also know the passwords that we use to access our account in this platform. And if you're reusing your password in this account, as well as in your email login or any other account that you share, that's a problem. And I think with this example, it wasn't planned. It really happened to me. But it's really an example of why passwords are extremely problematic. And even though we talk about passwordless, unfortunately, we keep using passwords. In the next slide, I'd like to talk about the consumer perspective.
Previously, I mentioned that when we talk about passwordless solutions, we often think about increasing both security and convenience. But I think that if we need to increase both at the same time, increasing security should not come at the expense of convenience or vice versa. Both of them need to go up. That's going to be the win-win approach. And it's also going to facilitate adoption. Another thing to consider is the generational gaps.
I was reading a recent study that was published saying that generational Z, which is the one that I belong to, that if we do not remember our password when doing a financial transaction online or during our digital consumer experiences, that there's a 50% chance that we will abandon that session if we don't remember our passwords. And I don't think that's only for our generation, but I think anyone has dealt with that, with the frustration of that. And I don't think it's solely generational Z thing.
But something that is important is there are also studies of how the younger generations, the younger kids and the teenagers that grew up with social media platforms like TikTok or Instagram with reels and all this bombardment of content, there are studies that say that it's really affecting their attention span. So I think passwordless vendors need to consider that in the long term, how are we going to meet the expectations of younger generations, as well as dealing and addressing older generations to ensure that they are also able to benefit from these solutions.
And also there is a problem of geographical regions. What works well in North America or in Europe might not work well in Latin America, for example. So consumer focused solutions must prioritize additional functionalities than workforce solutions. Some of these include omni-channel experiences, privacy management, and the flexibility to operate on any device. Consumer solutions must also navigate the fast changing world of regulations and compliance. And it's important to state one again, that user experience cannot be overstated, but it cannot be at the expense of security.
So by understanding these considerations, consumers and organizations can identify which solution best meets their needs, expectations, and preferences. In this slide, I wanted to more or less shed some light in the difference of workforce and consumer expectations when it comes to passwordless authentication. So if I say that in the enterprise, they tend to focus more on security and compliance, it doesn't mean that they don't really want to develop a good user experience. I'm not saying that.
What I'm saying is that in general, they tend to prioritize certain aspects that maybe for the consumers, it's not that important. For example, enhancing security and adhering to compliance requirements for complex workflows. When I was working in a previous company, some time ago, I was dealing with payments and I remember I had to go through MFA and then I had a hardware token to access a platform and then a YubiKey to pay the customers. So it was a very, let's say, annoying procedure.
It didn't really increase my productivity, but on the other hand, it makes sense when we're dealing with delicate activities within the enterprise, such as making payments, right? But for the consumer, they tend to focus more on a smooth and intuitive interaction across multiple devices, ease of access, and of course, privacy. So when we look at the trends over the past few years, we see an increase in passwordless authentication solutions. There's more diversification.
We see well-established companies that are present in the market, but also we see small but innovative entrants that focus on particular use cases or industries. In the report, there are a couple vendors that just focus on the financial industry, for example. So the market is changing. It's becoming more competitive and more dynamic. We see an increase in cybersecurity directives, not only in the United States, but also in Europe, which is further accelerating the adoption of passwordless technologies and zero trust in general.
And of course, with the emergence of passkeys, I think that's really making these solutions more popular. Although I'd say that many people don't really understand what passkeys are, they, I guess, like the simplicity and they know that, to some extent, it's secure, so they are happy with using passkeys. But I think we still need to do a better job in terms of educating users. And the industry is moving fast, is slowly, slowly replacing passwords. But I think there's always going to be some password lurking in the shadows.
But I think with new entrants, with evolving regulations and with new technological advancements, we can start to think about slowly replacing passwords, but also phishing factors, like OTPs and SMS codes and all of these things. So what are the challenges in the market?
One, of course, is user adoption. Many people have still some old school mentalities, perhaps in the highly regulated industries. There's a lack of education, as I repeatedly mentioned, and some people perceive some security limitations with passwordless.
So again, education is crucial. There's also cost barriers. Many organizations are having a hard time administering their budget. So if passwordless vendors deliver the right message and they're able to describe the tangible benefits that can bring to the organization, not only in terms of productivity or security or profit, but also how it's going to help their customers. There's also interoperability issues. I think that the passwordless market needs a sort of holistic approach. There are wallets, there are wearables, there are multiple devices. So interoperability is crucial.
And then vendor adaptation. As I mentioned at the very beginning, many of the vendors still offer username and password as an optional feature. But if we move away from this, because, for example, in the report, there's a couple of vendors that do not offer any phishing factor or any username and password. And for account recovery, they use their own account recovery mechanism that is secure.
That's, in my opinion, a good thing for the market because it's driving more competition, it's driving more innovation. So I think this is a good opportunity for companies to differentiate themselves from the rest by educating their customers and telling them there are better ways to authenticate and to recover your account than username and password. And of course, passwords are still going to be around in the coming years. So here's a second poll question before we move on to the Leadership Compass results.
So what are the primary factors impacting your organization's identity and access management budget? Is it due to emerging security threats and technologies? Is it because regulatory compliance requirements? Organizational growth and scaling? Or operational efficiency slash cost reduction goals? I'm going to give you 15 seconds and then we'll move on.
Okay, so here's a brief summary of how we do Leadership Compass research at Copenhagen Coal. Essentially, what we do is we, of course, select a topic. So in this case, passwordless authentication for consumers. So then we identify the vendors, we invite them to participate, and then if they decide to participate, they will receive a technical questionnaire from us with hundreds of questions. We really focus on the technical aspects of their solution to fully understand what they're doing. So they get to fill this questionnaire, they send it back to us, and then we have a briefing with them.
So they have a chance to talk to us about their product, and then they show us a demo showing the solution. Based on all of this, we then evaluate information and prepare a draft. And then we send it back to them so they can fact check and make sure that everything that we said is accurate. And we can always have a second call with them to discuss anything that needs to be discussed. And at the end, we just publish the report. And you can find all of our Leadership Compass reports on our website. And for each report, we have different categories of leadership.
We have product, we have market, innovation, and the overall leadership. So the product is mostly focused on the functionality of the product. The market has to do with the geographic distribution, the ecosystem, partners, market presence. And innovation has to do with certain capabilities and features that we believe are important and are open for, let's say, improvement, like, as I mentioned earlier, account recovery mechanisms. And based on all of this, we have the overall leadership. In addition to that, we rate each product with nine categories.
And these are security, functionality, integration, interoperability, usability, innovation, market, ecosystem, and financial strength. So we rate each product from weak to neutral, to positive, to negative, weak to neutral, to positive, to strong positive, based on the questionnaire that we got from them and based on the briefing that we had with the vendors. So here are the vendors that participated in the report, which again, as I mentioned, was published in May of this year.
And something that we did two years ago, we had a more generic report that was just called Leadership Compass Password Authentication. So we brought the two use cases, workforce and consumers, into one report.
However, this year, we decided to split the report into two to focus more on these two use cases. And as a result, we had more participants this year. 28 vendors participated, and eight vendors appeared in the vendors to watch section. And here we have very well-known and established players in the market, but we also have small but innovative vendors that only focus on passwords. There are some vendors that address the challenges of the financial industry. There are other vendors that thrive in the highly regulated industries, like in government and defense.
And also we have vendors that are mainly focused on certain geographical regions of the world. So before we share the results with you, we'll have the third poll question. And the question is, how will your identity management slash identity security budget change this year in comparison with the previous year?
A, it grew significantly, more than 20 percent. It grew slightly, 5 to 20 percent. It remains stable, or it decreased. 10 seconds, and then we'll move on.
Okay, so here we have the overall leaders in the LC passwordless for consumers. As you can see there, it's a very competitive field. We see not only the big vendors, but also small and innovative companies that are rated as overall leaders. Why? Because of various reasons, from the functionality of the product to the innovative aspects that they have. In the next slide, we have the product leaders. And here we have these seven categories that we use to assess each product. So we can assess the product leadership. So we have the architecture and deployment.
So here we looked at if the architecture is modern, and if it's based on microservices. We also have authentication, so how many authentication methods are supported, if they still provide username slash password. Then we have fraud prevention. So how solutions detect and mitigate fraudulent activities. Customization and APIs. So how easy it is for users to customize the products, and the comprehensiveness of APIs, as well as security. Then device compatibility. So how easy it is for users to use a device as well as security. Then device compatibility.
And at the very beginning, I said that this is an important aspect in the consumer space. Of course, user experience, how frictionless is the experience, the interface design, et cetera, and scalability. And in a couple more slides, I'm going to show you a spider graph that we use to evaluate each vendor that is made of these seven categories. And then you will see how important these categories are and how they're shown in this spider graph. But before, let's take a look at the innovation leaders. And you can probably see the difference.
It's a bit more compressed, this space, because it's more competitive, it's more dynamic, and it's very different to the innovation leadership category from two years ago, because many of these vendors have come up with new features. Here are some approaches that I believe are innovative, such as decentralized identity and the support for verifiable credentials, microservice architecture, cryptographic approaches, and having their own account recovery mechanisms, which is, I think, something that needs to be pursued more by vendors.
And then here we have, finally, the market leadership category. So despite the presence of major vendors, the evolving nature of the space allows for small companies to focus on niche areas and particular industries. For example, some vendors just focus on small and medium enterprises in North America, and others are targeting mobile operators. And in the next slide, here's what I was talking about earlier.
So each product has this spider graph, in addition to the nine ratings that I was talking about earlier, security, functionality, interoperability, usability, innovation, market presence, financial strength, and ecosystem. So in addition to that and the content, we also have a spider graph that assesses these seven categories that we believe are crucial for passwordless solutions in the consumer space. So I would like to share with you some of our content that we have equipping your call.
We have AC OpenSelect, which is a tool that can help you as an organization or as a user to figure out which solution works best for you based on your own requirements and needs. And you can take a look at this on our website and figure out which passwordless solution fits adequate for you. And of course, we have related research. So as I said earlier, this year, we created two separate reports, one for consumers and one for the workforce. And the one for the workforce will be published at the end of this month or by early August.
So you can also see more on the difference between the consumer and the workforce space. And I'm also going to have a webinar on that report, so I can share with you more of the insights and findings that I come across in the workforce space. And we also have some interesting reports on assessing the maturity level for your identity and access management, as well as for serial trust. So we have some comprehensive reports that go deep into how you can make the next step and modernize your organization and what you need to do to assess your maturity level.
And here we have some of our services, events and webinars, research, advisory projects. And that's all from my side. I believe there's a question from the audience. The question is, oh, well, before the question, how about we show the full results? And after checking that, we can jump in and have some Q&A. So here is the result for the first question. It looks like more organizations have MFA, including passwords, with 47 percent, almost half of the respondents. 29 percent have already password certification and 24 percent have username slash password. I'm not surprised.
I think these numbers make sense to me. Of course, let's see how things are going to look like in the coming years. And maybe since we're running out of time, maybe we can take a look at the second poll question. So what are the primary factors impacting your organization's identity and access management budget?
A, emerging security threats and technologies, 37 percent. As I mentioned in the example of today, of this morning, with this popular and well-known ticket sales and distribution company, we see that no one is safe. And with the use of LLMs and AI, the techniques and procedures by cyber criminals are just becoming stronger.
B, regulatory compliance requirements, 16 percent. Organizational growth and scaling, 26 percent. And operational efficiency, 21 percent. Let's take a look at the last poll question. How will your identity management slash identity security budget change this year in comparison with the previous year? And with 45 percent, respondents said that it remains stable. 11 percent said it grew significantly, more than 20 percent, but also 11 percent said it decreased, and it decreased more than 5 percent.
So that's also something that needs to be taken into consideration and it's good information for us, because we're able to see how organizations, how fast can they adopt these solutions, and also if they're going to be meeting their expectations. I believe we don't have much time for a question, maybe just one question before we wrap up. The question is, have you come across any vendors that implement passwordless authentication in a unique way? There's a vendor in the report, they do, and they're not the only vendors, there's a couple more that do SIM-based authentication.
So they use the SIM card of the phone, because it's cryptographically secure and it's phishing resistant, and apparently this is a very popular way that is done in China with billions of transactions every week, and these vendors are bringing this approach in Europe by connecting mobile operators and offering that, because it's based on the SIM card of your phone. The only downside of this is the account recovery, because if a user loses the device, then they will have to go and get a new phone, so in that aspect it's not very convenient.
So yeah, I thought it was a very cool vendor. And there are more questions, but we don't have time, so I want to thank you all for attending this webinar, I hope it was helpful, and stay tuned, because we'll be publishing the Leadership Compass on Passwordless for Enterprises either this month or early August, so stay tuned and thank you very much. Thank you.
