Survey shows biometrics more popular for UX than security
A survey from ThumbSignIn, One World Identity (OWI) and identity and access management (IAM) provider Gluu has found that 100 percent of IT and security professionals are interested in biometrics for user experience benefits, but only 75 percent for security purposes, as data breaches drive companies to an inflection point where they replace passwords with strong authentication.
The “Customer Authentication Practices 2019” report shows the combination of passwords with two-factor authentication (2FA) is now nearly as common for website authentication (36 percent) as password only authentication (40 percent). Over the next few years, professionals think 2FA will be the fastest-growing authentication method (29 percent), followed by biometrics (21 percent). More than 60 percent of companies surveyed are already using strong authentication, and the majority are more than a third also say they are currently researching (36 percent), close to a decision on (9 percent), or already implementing (24 percent) new solutions.
Two percent of websites and 14 percent of apps support passwordless authentication with biometrics, and 39 percent of apps use both passwords and biometrics, according to the survey. Among biometric modalities, facial recognition is by far the most widely considered for authentication implementations, but 82 percent said they will consider fingerprint biometrics, and each of iris scanning and behavioral biometrics will be considered by 36 percent. Mobile app authenticators are the top type of 2FA being considered by 86 percent, followed by hardware tokens (52 percent).
The top barrier to implementation of 2FA or biometrics is complexity, according to 76 percent, followed by disruption of existing processes (48 percent), lack of customer awareness or adoption (45 percent), amount of time required for implementation (43 percent), buy-in from departments (36 percent), security or privacy concerns and possible budget overrun (24 percent each).
FIDO authentication is considered necessary or at least good to have by 64 percent of respondents, but 36 percent either do not know enough about it or do not think it matters.
The ITU extended official recognition for two biometric and strong authentication standards from the FIDO Alliance in late-2018.