Consumer password authentication dissatisfaction reaches tipping point
Over half of consumers in the US and UK would prefer to get rid of their usernames and passwords altogether, and instead use biometrics and other modern authentication methods, according to survey results released by customer identity management company Gigya on Tuesday. The resulting report “Business Should Begin Preparing for the Death of the Password” shows that 80 percent of consumers believe biometric authentication is more secure than a traditional username and password approach.
“Within the next 10 years, traditional passwords will be dead as an authentication form,” said Patrick Salyer, CEO of Gigya. “Consumer-focused brands require modern customer identity management infrastructures that support newer, more secure authentication methods, such as biometrics. Businesses that are already using advanced authentication methods demonstrate increased customer registration and engagement while enjoying greater login convenience and security.”
Gigya commissioned OnePoll.com to survey 4,000 consumers earlier this year, half each in the US and UK. It found that attitudes, experiences, and practices related to passwords vary more based on age than region.
While consumers generally exhibit poor password habits, with only 16 percent using best practices with a unique password for each account, younger survey respondents were particularly likely to have bad habits, including roughly two-thirds sometimes using insecure passwords like “password.”
“The younger you are, the less likely you are to actually use best practices, when it comes to passwords,” Gigya SVP of Marketing Jason Rose told Biometric Update in an interview.
Increasingly, the security advantages of modern methods are understood, and combine with customer experience problems with passwords to bring the authentication market to the brink of a tipping point. “Passwords are like Nokia in 2004. Sitting there with their 95 percent market share.” says Rose. “From an establishment perspective, so the people that run the websites and ask for a password, it’s the easy status quo approach.”
Indeed, the change has already started. The survey shows that younger demographics are less willing to deal with passwords, as 38 percent report abandoning a registration attempt due to strict password requirements. Generation X and Baby Boomer respondents are only somewhat more tolerant, at 33 and 27 percent respectively. However, 55 percent have abandoned a login page after forgetting a password or answering a security question incorrectly, further suggesting that password authentication increasingly forces online businesses to choose between adequate security and adequate user experience. Given an alternative, consumers will take it, and in any given vertical an early adopter can force its competition to adapt just to keep up.
“If I don’t do that, I’m not going to get the registration rates, I’m not keep my consumers on board, and I need to make this change or risk the very fabric of my digital business,” Rose says.
Turst in passwords continues to erode, as over a quarter of all consumers and 35 percent of millenials have had an online account compromised in the past year. Many consumers already prefer methods like multi-factor authentication (29 percent) and biometrics (20 percent), despite the fact that the majority of Generation X respondents and 70 percent of Baby Boomers don’t own any devices that offer biometric authentication.
Rose says that most major websites can now be logged into using the extension of social media authentication, and the success of the multi-factor “social login” approach shows the beginning of the end of traditional passwords. As this happens, the ability of businesses to support biometric authentication is increasing to give consumers the modern authentication options they clearly desire.
“A lot of the time the devices that are doing biometric authentication offer an SDK that can be integrated into that registration workflow. We’ve seen the disruption already start to a large extent, in that the option is already there to bypass username and password by social login, and I think the option to authentic by a biometric form will take a similar path to adoption.”
The majority of consumers in each demographic have still not used any form of biometric authentication, but 49 percent of millenials have used some form or other, and the Gigya report strongly indicates that as the option becomes available, consumers will take it. Other reports, such as a February report from MasterCard and PRIME Research, also support this conclusion. If this bears out, then with each new smartphone, app, and website that enables it, the improved user experience and security of modern authentication will replace passwords.