Modernise authentication methods or suffer the consequences
By Richard Lack, Director of Sales EMEA at Gigya
The way digital enterprises connect with their customers is changing.
Consumers are demanding more trusted and personalised experiences in exchange for their personally-identifiable information (PII), while businesses are struggling to protect user privacy in light of growing global security and privacy concerns.
Traditional authentication solutions and methods were simply not built to bridge this widening gap. As consumer patience for archaic security barriers like username and password combinations starts to wane, enterprises must find a way to secure millions of identities while still providing streamlined customer experiences.
Our most recent survey, which collected the perspectives of 4,000 adults in the US and UK, examines the ways that consumers create and manage their passwords and online accounts, and how next-generation authentication methods like biometrics are gaining traction among a variety of age groups.
As a means of authentication, traditional username and password combinations themselves are not inherently secure. Their ability to protect user identities and data is dependent not just on the technology and security protocols put into place by organisations, but also dependent on consumers following best practices for creating and managing passwords.
However, according to our survey results, only 16 per cent of people follow these best practices by maintaining a unique password for each of their online accounts. Baby Boomers, or respondents ages 51-69, are the most cautious when it comes to password duplications, with 65 per cent creating 5 or more passwords across their online accounts, compared to just 44 per cent of Millennials, or respondents ages 18-34. Re-using the same password across multiple accounts increases risk in that if one account is compromised, others can be easily accessed as well.
To make matters worse, 56 per cent of people use passwords that they know are not secure, such as those that include their names or birthdates. Baby Boomers are more cautious when it comes to protecting their identities than younger generations, with 53 per cent claiming they never create easy-to-remember yet unsecure passwords, compared to 42 per cent of Generation X respondents and 33 per cent of Millennials.
Perhaps the most surprising illustration of Baby Boomers taking security much more seriously than their younger counterparts is that they are nearly twice as likely as Millennials to activate two-factor authentication when logging in to an online account. Two-factor authentication ensures the validity of a user’s identity and minimises account phishing by adding an additional authentication step during the login process, such as sending a verification code via SMS to the user’s mobile phone.
Likely due to the real-time nature of new technologies and platforms like mobile devices and social networks, Millennials appear to lack the patience and dedication of older generations when it comes to following password creation and management best practices.
As consumers create unsecure passwords and reuse login credentials across devices and domains, they generate risk for businesses by leaving their accounts open to phishing and fraud. In fact, our survey results show that more than 25 per cent of respondents have had an online account compromised in the past 12 months. For Millennials, this number jumps to 35 per cent, which is more than likely a direct reflection of this age group’s failure to follow password best practices. In contrast, this number drops to less than 20 per cent for Baby Boomers.
Unfortunately, attempts to enhance password security often have a negative impact on users’ registration experiences, with one third of consumers admitting to abandoning the creation of an online account due to complex password requirements. Even if users do make it past the hurdle of account creation, login roadblocks such as forgetting a username, password or answer to a security question have caused more than half of consumers to abandon a site.
With Millennials unwilling to follow password creation best practices and attempts to combat the associated risk resulting in poor user experiences, businesses looking to stay connected with consumers must start exploring authentication solutions that are both secure and convenient.
Biometric authentication is still in its infancy, with the popular Apple ID fingerprint scanner for iPhone being launched less than three years ago. While just 20 per cent of Baby Boomers have used this solution, it is gaining much higher traction with Millennials. Almost half of them claim to have used at least one form of biometric authentication. In the same vein, 66 per cent of Millennials, compared to just 30 per cent of Baby Boomers, say they own at least one device that offers some form of biometric authentication. Any device with a camera or microphone has the potential to be a biometric-enabled device, and 91 per cent of UK millennials now own a smartphone.
Millennials, more than other generations, embrace advanced authentication methods that present a simpler way to log in while maintaining a high level of security. Nearly one-half of Millennial respondents use one or more forms of biometric authentication, such as fingerprint scanning technology (38 per cent), voice recognition (15 per cent), facial recognition (11 per cent) or iris scanning (5 per cent).
Millennials also report that at least one of the applications they’ve downloaded offer some form of biometric authentication, which is consistent with Juniper Research’s estimate that more than 770 million biometric-enabled applications will be downloaded each year by 2019, as compared with 6 million in 2015. To continue growth, businesses must modernise authentication methods or suffer the consequences of millennials abandoning their services, and engaging with brands that offer the streamlined authentication that they crave.
Of course, scanning one’s finger or face is far more convenient than creating and remembering yet another username/password combination. What’s more, 80 per cent of all consumers believe that biometric authentication is more secure than traditional registration. With passwords failing to provide the better, more trusted experiences today’s consumers are demanding, biometrics and other methods of next-generation authentication are sure to begin emerging at a faster and higher rate.
Amidst these changes only one thing is for certain: the password is dying. Is your business prepared?