June 29, 2016 -
Less than one in ten businesses now rely solely on passwords for identity authentication, and the majority will be rid of them completely by 2025, according to research released Wednesday.
Sponsored by mobile identity company TeleSign, the report “Beyond the Password: The Future of Account Security” shows the cost of fraud, and account takeovers (ATOs) in particular, are driving companies away from passwords, and towards two-factor and behavioural biometric authentication.
Lawless Research collected survey responses from 600 professionals responsible for authentication methods at US companies of 100 or more employees in April to compile the report. It shows that almost four out of five (79 percent) online accounts are “protected” by duplicate passwords, and over half of all consumers use five or fewer passwords to protect every element of their online identity. Given that it takes less than a third of second for a hacker to crack a seven letter password, even unique passwords are much less secure than they once were.
Businesses are now catching on to this change, as seven out of ten companies no longer believe passwords offer sufficient security on their own. Passwords are still the most popular authentication, but while they are used by three-quarters of companies, only 7 percent rely on them exclusively.
Adding additional security to passwords seems to be an early step down a path away from passwords altogether, as 36 percent of companies plan to stop using them within four years, and just as many plan to move beyond passwords in 5 to 9 years.
Companies are sold on the potential of behavioural biometrics, with 83 percent agreeing that it would increase security without adding friction to the user’s experience. User experience is a key to adoption, according to TeleSign co-founder Ryan Disraeli.
“The fact that it’s passive in nature means that the user experience is much better,” Disraeli told Biometric Update in an interview. “It’s behind the scenes for users. When we talk to large websites and mobile apps, they’re investing more right now in solutions that are passive and less intrusive to users.”
Over three-quarters of businesses surveyed plan to or have already implemented behavioural biometrics. Two-factor authentication is even more popular, however. It will be used by 85 percent of organizations within the next 12 months, with a roughly even split between those who have implemented it and those planning to.
“I think every company is looking at layers,” Disraeli said. “It’s a matter of how those layers evolve, and behavioural will definitely become a critical layer for a lot of companies.”
Among the barriers to adoption, cost was most commonly cited (42 percent), but only slightly ahead of uncertainty about effectiveness (37 percent). Concerns about consumer resistance and a lack of knowledge about the technology were also chosen by 27 and 23 percent, respectively.
All of those barriers are likely to diminish over time, and Disraeli says that for a company like TeleSign, leveraging consumer’s phones as authentication devices is a natural step towards frictionless security.
“Feedback from our customer base on behavioural is all of them are interested in doing it. It ranges from actively piloting to ‘that’s sound super interesting, that’s definitely part of our roadmap.’ But as far as what’s going to be adopted and seeing the most in the next year it’s definitely going to be two-factor authentication.”