Customer Identity (CIAM) is a unique segment of the wider Identity and Access Management (IAM) space, as customer-facing applications face a different threat landscape and must deliver an experience that's user-friendly — as well as secure and private. It must rely on subtle techniques to achieve and maintain a strong security posture while also driving conversions and building trust with consumers.
Our 2022 State of Secure Identity Report presents trends, examples, and observations unearthed from observing the billions of authentications on our platform in the hope that bringing light to such insights will help organizations understand the threats against customer identity and drive informed conversations around Zero Trust.
Fraudulent registrations are an ever-present and growing threat
In the first 90 days of 2022, signup fraud accounted for approximately 23% of signup attempts on our platform, up from 15% in the same period last year (per last year's report). Financial Services and Energy/Utilities experienced the highest proportion of signup attacks, with such threats accounting for 64.8% and 72.5% of registration attempts in those two industries, respectively.
Credential stuffing is on a record pace
2022 has already delivered the two largest such credential stuffing attacks we have ever witnessed, and across all industries, credential stuffing accounts for 34% of overall traffic/authentication events on our platform. While most industries experienced a credential stuffing rate of less than 10% of login events, in several cases — Retail/eCommerce (more than 80%), Financial Services, and Entertainment — these attacks represented the majority of login attempts.
Threat actors are targeting MFA
Because of its proven merits, more application and service providers are recommending or requiring MFA. Consequently, the first half of 2022 has seen a higher baseline of attacks against MFA than any previous year in our dataset. As attackers become more sophisticated at targeting this important defensive measure, it's critical that MFA be implemented correctly and that strong secondary factors are chosen.
Breached Passwords are a pervasive but poorly understood threat
Account takeover attacks with stolen credentials are one of the most common and costly cyber threats. Entire marketplaces exist to sell lists of user credentials leaked in third-party breaches. In fact, 58% of all Auth0 customer applications have experienced login attempts using breached/leaked credentials, illustrating the widespread nature of these attacks. What's more, most of the services that purport to protect against breached passwords use web scanners and scrapers that rely on breach data being made public, which can be months or even years after the initial breach. Reusing passwords across sites increases the risk of an attack and makes it more difficult for organizations to prevent fraudulent access to user accounts. In order to defend apps and users against this pervasive threat, it's imperative that breached passwords are detected as soon as they are compromised and accounts notified.
CIAM at the vanguard of identity security
In an enterprise environment, security trumps convenience, so administrators can impose controls with comparatively little regard for the user experience — but customer identity management must maintain security and privacy while minimizing friction. Because of this restriction, CIAM exists at the vanguard of identity security and innovation, as it depends upon defenses that can withstand sophisticated threats but that are nearly invisible to users.
With this report, we aim to increase awareness of both threats to customer identity and the techniques that can be layered to build reliable defenses.
Three ways to stop identity-based attacks
- Implement MFA everywhere. It is still one of the best defenses we have against sophisticated attacks.
- Augment with defense-in-depth tools. These work in combination across the user, application, and network layers, such as scanning for bot traffic and breached passwords among your user base.
- Invest in a customer identity solution. Embrace flexibility by default and customize security and ease of use depending on your risk appetite, user requirements, and implementation.
📈 Download the report for a deeper dive into insights gained from a platform that authenticated billions of logins each month.
Methodology
This report is based on data from Okta customers using the Auth0 platform around the world and so represents real-world observations of identity attacks. The data was retrieved by Auth0's security researchers by running simple and anonymous queries against our aggregate database of operational telemetry. Industry segmentations are based upon each customer's self-reported segment. Observations are from the first 90 days of 2022 unless otherwise noted.