---
url: 'https://www.corbado.com/kpi/authentication-error-rate'
title: 'Authentication Error Rate'
description: 'Authentication Error Rate is the share of authentication attempts that end in an explicit error, helping to pinpoint reliability and UX failures.'
lang: 'en'
---

# Authentication Error Rate

## What is the Authentication Error Rate?

**Authentication Error Rate** is the percentage of authentication attempts that end with
an explicit error outcome that we can log and classify. It matters because explicit errors
tell us what broke, where it broke and which fixes will reduce user friction and support
load.

> **Key facts on Authentication Error Rate**
> 
> - **What it captures**: The share of attempts that end with an error message or error
>   state
> - **Primary use**: Diagnose reliability and UX failures by error type, platform and method
> - **Interpretation**: Lower is better, many teams target under 5% overall and 2% to 5% is
>   common when passkeys are widely used

## Where does the Authentication Error Rate fit in the login funnel?

We measure **Authentication Error Rate** from the moment an authentication attempt starts
to the moment it ends in either a success or an explicit error. We only count outcomes
that produce an explicit error event and we exclude silent abandonment where no error is
emitted.

```mermaid
flowchart LR
    SA((Start<br/>Auth Attempt))
    OM((Offer<br/>Method))
    SM((Start<br/>Method))
    SU((Success<br/>Auth))
    ER((Explicit<br/>Error))

    SA --> OM --> SM
    SM --> SU
    SM --> ER

    SA -. "AUTH ERROR RATE" .-> ER
```

## How to calculate the Authentication Error Rate?

We calculate **Authentication Error Rate** per authentication attempt. We count an attempt
once, even if it includes retries inside the same flow, as long as it maps to a single
start and a single terminal outcome.

> $$\text{Authentication Error Rate}=\frac{\text{Auth Attempts with Explicit Errors}}{\text{Total Auth Attempts}}$$

`Auth Attempts with Explicit Errors` are attempts that emit an explicit terminal error
event such as invalid credentials, technical failure, user cancellation or account issue.
`Total Auth Attempts` are all attempts that started within the measurement window.

Typical ranges vary by method mix and platform coverage.

| Level                        | Typical range |
| :--------------------------- | :-----------: |
| Industry average             |  10% to 15%   |
| Top performers               |   Under 5%    |
| With strong passkey adoption |   2% to 5%    |

### Numerator: Auth Attempts with Explicit Errors

Counts when we record a terminal error event for the attempt, such as invalid credentials,
timeout, browser incompatibility, user cancelled, account locked, suspended or not found.
Does not count silent exits where we never receive an error event.

### Denominator: Total Auth Attempts

Counts each authentication attempt that started within the measurement window. Does not
include background token refreshes or already authenticated session checks, unless we
explicitly model those as user facing authentication attempts.

Errors often cluster on specific platforms or implementations. Social logins and passkeys
can fail on certain [Android](https://www.corbado.com/blog/how-to-enable-passkeys-android) or
[iOS](https://www.corbado.com/blog/how-to-enable-passkeys-ios) versions due to SDK incompatibilities,
[WebView](https://www.corbado.com/blog/native-app-passkeys) limitations or missing OS-level support. Always
segment by OS version and app version to catch these platform-specific issues early.

### How to use Authentication Error Rate to improve outcomes

We use **Authentication Error Rate** to prioritize fixes that reduce explicit failures
that block sign in. We can achieve the following business outcomes:

- Higher successful sign ins
    - Diagnose which error category drives most failures
    - Change method ordering, add passkeys where supported and improve fallback design
    - Validate by a sustained error reduction and stable completion volume
- Lower user friction
    - Diagnose spikes in user cancelled errors on specific screens
    - Change prompt copy, add clear choices and avoid surprise biometric prompts
    - Validate with lower cancellations and fewer repeat attempts per user
- Lower support ticket volume
    - Diagnose account locked and account not found rates
    - Change recovery guidance and self serve unlock flows
    - Validate with fewer error tagged support tickets and fewer repeated lockouts

### Blindspots and common pitfalls of Authentication Error Rate

- **Intent and selection bias**: attempts include bots, fraud and confused users, so the
  rate can rise even if real users are fine
- **Missing telemetry**: if error events fail to log on crashes or network loss, explicit
  errors look better while users still fail
- **Inconsistent logging**: different clients may map the same issue to different error
  types, which breaks trend accuracy
- **Mix shifts across segments**: adding passkeys, changing method order or expanding to
  new devices can move the aggregate without real quality change