Passé passwords give way to biometric authentication
This is a guest post by Patrick Salyer, CEO of Gigya
Many consumers use Twitter as their “go-to” resource for celebrity gossip, information on their favorite brands and just overall updates on current events and the latest news. However, Twitter is also a breeding ground for hoaxes and identity theft — as demonstrated by the NFL’s recent security breach. While social media has fueled consumer expectation for frictionless, real-time access to information, applications and networks, it’s also created an impatience for filling out lengthy registration forms, or freeing up brain space to remember dozens of usernames and passwords. Not only are traditional passwords too time-intensive for today’s attention-deficit consumers, but they also invite trouble, as evidenced by the many reported instances of ID theft and other breaches. LinkedIn just admitted its 2012 password breach was much larger than expected, and LeakedSource revealed that poor password habits was a factor with 753,305 of registered users using “12345” as theirpasswords. Recently, celebrities like Katy Perry and Drake have had their Twitter accounts compromised. Not even Mark Zuckerberg’s login credentials are safe.
While it may seem that the traditional password is drawing its last breath, it’s certainly taking its time dying. A recent survey, conducted by OnePoll.com, indicated that consumers may be frustrated with having to create and remember complex passwords, but a significant number (39 percent) simply can’t part with their username/password credentials.
Still, the opportunity exists for brands to finally put the password out of its misery and drive the convergence of security and customer experience. They can do this by supporting advanced methods of identifying and authenticating users.
Mobile, social helping push popularity of advanced authentication techniques
With their reputation for bridging the security-consumer experience chasm, advanced authentication techniques have piqued the public’s interest. Consumers are increasingly opting to authenticate their identities on digital properties using their existing social credentials (like Facebook, Twitter and PayPal). They’re also becoming more comfortable with biometric and multifactor authentication. Biometrics requires the user to log in to a device using a fingerprint, voice, iris or now even an ear. Multifactor authentication requires information that, theoretically, only the user would know or possess: a knowledge factor (piece of information like where you were born), a possession factor (such as a token), or an inherence factor (fingerprint, etc.).
A November 2015 survey by SecureAuth and Wakefield Research found that 97 percent of those polled believe authentication techniques like fingerprint scans and two-factor authentication are reliable. And 66 percent already use these authentication methods instead of passwords. This year, the advanced authentication trend is expected to gain even more momentum, which may accelerate the traditional password’s death.
The growing interest in advanced authentication techniques is spurred by a number of drivers, including the availability of mobile phone-based biometric technologies, social login and mobile payment. In fact, research conducted by ESG shows that 41 percent of enterprises are already using mobile devices for multi-factor authentication. Another 44 percent are or would consider using social login/identity credentials for authentication.
Surviving and thriving amid convergence of security, customer experience
The imminent fall of passwords and the corresponding rise of advanced authentication techniques means brands must refactor and re-implement their legacy identity and access management systems to support new types of credentials.
The added benefit in this move is that the user experience not only becomes more secure by virtue of advanced authentication, but also becomes frictionless and personalized. Certainly, logging in using a social identity or biometric factor is much less invasive and off-putting than having to come up with another password, or reveal at length (again) the user’s name, address, preferences and so forth at the time of registration.
While the traditional password is not yet dead, the advent of biometrics and other advanced authentication technologies is quickly taking over. Savvy brands understand that advanced authentication affords stronger security, but not at the expense of the customer experience. Their next step is to embrace technologies that support advanced authentication, which will ultimately draw new customers looking for a secure, seamless and personalized user experience.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.