Interviews

Authentication frustration

by Mark Rowe

The Ponemon Institute, a US research centre covering privacy, data protection and information security policy, released a study, “Moving Beyond Passwords: Consumer Attitudes on Online Authentication” sponsored by Nok Nok Labs. The study looks at consumer perceptions around how organisations are securing their access, and what they would consider to be the ideal steps and technologies used to ensure that their personal information is protected.

“This study shows the challenge presented by our continued dependence on the troubled password,” said Phillip Dunkelberger, pictured, CEO, Nok Nok Labs. “Not only are breaches increasing because of password re-use across different web services, but this failure and insecurity is reducing consumer confidence when doing business online. It’s time we evolved our thinking about how businesses authenticate their customers.”

The study includes results from more than 1,900 consumers between the ages of 18 and 65-years-old in the United States, United Kingdom and Germany. Key findings include:

– Failed authentication thwarts online business. About half of respondents were “very frequently” or “frequently” unable to perform an online transaction such as buying a product or obtaining a service because of an authentication failure on the website.

– Most authentication failures happen because of the use of usernames and passwords. The majority of authentication failures happen because of forgotten passwords, usernames or a response to a knowledge-based question (such as a mother’s maiden name). Fewer than half of respondents said authentication failures occur because of glitches or inaccuracies within website systems or identity verification procedures.

– Many consumers favour a single identity credential for a variety of authentication purposes. Most consumers (60 percent) would use a multi-purpose identity credential to verify who they are before providing secure access to data, systems and physical locations. The benefits of a multi-purpose identity credential are convenience (US & UK consumers) and security (German consumers).

– Most respondents are comfortable with using biometrics. The majority of respondents believe it is acceptable for a trusted organisation such as their bank, credit card company, health care provider, telecom, email provider or governmental organisation to use factors such as voice or fingerprints to verify their identity.

– Financial institutions provide the best online validation. According to respondents, the top five organisations that have the most secure authentication (in order of best to worst): banking institutions, credit card and Internet payment providers, social media, retailers, and Internet service providers.

“It comes as no surprise that we continue to see an increase in dissatisfaction from consumers when it comes to traditional authentication schemes involving usernames and passwords,” said Dr Larry Ponemon, chairman and founder of the Ponemon Institute. “The good news is that there is a new sense of willingness to try emerging technologies and more complex identity verification systems to fix this broken system.”

To see the executive summary of the report, visit:
http://go.noknok.com/rs/noknok/images/NokNok-Ponemon-ExecutiveSummary-Apr13.pdf

For the full report, please visit:
http://go.noknok.com/rs/noknok/images/NokNokWP FINAL 2.pdf

Related News

  • Interviews

    Stewarding sector report

    by Mark Rowe

    There’s an industry-wide reduction in the numbers of badged security and stewarding personnel according to a report published by the United Kingdom…

  • Interviews

    Document management system

    by Mark Rowe

    Massive data breaches at professional services firms have put unprecedented pressure on information security professionals to keep sensitive client information secure at…

  • Interviews

    Catch of the day

    by Mark Rowe

    Tackling IaC security can help businesses avoid the jaws of defeat, says Robert Haynes, SCA & Open Source Evangelist, at app security…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing