The news: Over 2 billion data records containing usernames and passwords were compromised in 2021, an increase of 35% from 2020, according to ForgeRock.

Why it’s worth watching: Compromised passwords continue to be the leading cause of security breaches and hacks. 

ForgeRock’s Consumer Identity Breach Report reveals that compromised records include victim’s name, address, Social Security number (SSN), date of birth, protected health information (PHI), and payment or banking details. 

• This personal information can be sold on the dark web and result in identity theft. Identity fraud losses totaled $52 billion in 2021, per Javelin.
• For enterprises, traditional password-based solutions aren’t effective at preventing credential theft and data breaches. 
• Passwords have devolved from an authentication measure to a security liability, especially since they are attainable through phishing scams and social engineering.

A passwordless future: Industry giants Apple, Google, and Microsoft have committed to FIDO passkey technology, which lets users choose smartphones as their main authentication device, negating the need to ever enter passwords again.

• The new standard is supported by the World Wide Web Consortium and allows websites and apps to offer “consistent, secure, and easy passwordless sign-ins across devices and passwords.”
• Billions of existing smartphones and PCs can benefit from FIDO’s security.
• The passwordless authentication market is expected to grow from a value of $12.79 billion in 2021 to $53.64 billion by 2030, per VentureBeat, making it attractive for more providers to develop their own passwordless sign-in options. 

What’s the catch? It may take time to get Big Tech companies on board to push the passwordless initiative. Any one company could stall the process by dictating its own standards and practices.

The good news is that the FIDO Alliance released guidelines for optimizing user experiences in June, so developers can prepare for the eventual launch.