Consumers prefer biometrics to passwords, think less of brands with bad authentication
A far greater number of consumers would choose to use biometrics for authentication than passwords, if given the choice, according to research published by the CMO Council.
The ‘Authentication Frustration. How Companies Lose Customers in The Digital Age’ report shows that biometrics are considered an easier and better method of authentication than alternatives by 44 percent of consumers, 34 percent say they would prefer to use biometrics so long as the system is secure, and only 10 percent would prefer passwords or other forms of authentication over biometrics.
Password problems are reported by 68 percent of those surveyed, and respondents show a strong preference for physical biometrics like facial and fingerprint recognition.
In addition to the 60 percent of consumers who say they have abandoned a business transaction due to frustration with the authentication process, 81 percent prefer to interact with companies that verify their identity “simply, quickly, and safely.”
“Data protection, privacy and identity theft are massive challenges for today’s digital business world,” says George Skaff, senior vice president of marketing at Daon. “The issue has become significantly more severe in recent months as consumers relied heavily on digital transactions throughout the COVID pandemic. At Daon, we believe companies need to adopt an ‘Identity Continuity’ model of authentication, in which biometric and non-biometric factors come together on a single platform to create a unified identity experience across the entire customer relationship lifecycle—from identity proofing and onboarding to authentication and recovery.”
Other findings from the report include that 85 percent say a difficult authentication process reflects negatively on the company and brand, and that banks follow digital services (37 to 43 percent) as the top source of frustration. The quantity of passwords people deal with is the top problem, according to 55 percent of respondents.
An Experian report earlier this year indicated that passwords had fallen out of favor with consumers, with both physical and behavioral biometrics recognized as more secure.
The W3C and Yubico have jointly developed a Massive Open Online Course (MOOC) providing an ‘Introduction to Web Authentication’ to educate people about options for replacing passwords with strong authentication based on the WebAuthn protocol.
The three-week course introduces the principles of Web Authentication and covers API development, terminology and technical instruction. Students will learn how to build and deploy their own Web Authentication server.
The organizations cite IBM’s 2021 Breach Report finding that 20 percent of breaches are caused by compromised credentials, and breaches have an average cost of $4.37 million.
“WebAuthn will change the way people access resources on the web,” comments W3C CEO Jeff Jaffe. “With multi-factor solutions that eliminate a weak link, Web services and businesses adopt WebAuthn to move beyond vulnerable passwords and improve the security of online experiences. I am looking forward to more web developers becoming experts thanks to this course and implementing the web-wide interoperability guidance of the standard.”
Incognia has launched an Authentication Reference to provide comprehensive and vendor-neutral information about authenticating digital identities, and to help non-experts better understand of the field.
Articles in the reference explain the difference between 2FA and MFA, and cover SIM swap attacks, GPS spoofing, social engineering and one-time passwords. New articles will also be added on a weekly basis.
“New models of authentication need to require less expert knowledge by the user,” observes André Ferraz, founder and CEO of Incognia. “At Incognia we believe authentication for legitimate users should be frictionless. With the Incognia Authentication Reference, we hope non-security experts find this educational resource useful, to stay secure, educated, and friction free.”