SecureAuth, Pindrop surveys show passwordless progress and KBA pain

Studies commissioned by SecureAuth and Pindrop suggest that frustration with traditional security measures like passwords and knowledge-based authentication (KBA) are turning IT and cybersecurity professionals towards passwordless authentication and voice biometric systems for identity verification.

A survey of IT and cybersecurity professionals conducted by Enterprise Strategy Group (ESG) and commissioned by SecureAuth finds that more are looking to passwordless authentication as a more secure option for their organizations.

The report surveyed 488 IT and cybersecurity professionals between December 14 to December 28, 2021, via online survey from private and public organizations across various industries, and ranged from organizations with 500 to 999 employees to 20,000 or more.

The survey finds that more than half of the organizations have started to selectively eliminate passwords or are actively evaluating/testing the elimination of passwords. Among organization that have gone passwordless, 63 percent say it increased IT/security efficiency, 57 percent report an improved user experience, and 56 percent say it reduced risk. Thirty-one percent say passwordless authentication is their top identity-related activity, and 34 percent say it is among their top three identity-related activities.

Additionally, the results also show that MFA remains the most popular form of security, with 58 percent of the organizations implementing it and 23 percent saying it is the most effective form of IAM, the highest-ranking response. Single sign-on (SSO) management, cloud infrastructure entitlement management, customer identity and access management, and identity-as-a-service round out the top five. However, 32 percent make MFA optional for employees and 40 percent for customers, which SecureAuth attributes to ‘MFA fatigue.’

SecureAuth offers a selection of passwordless authentication such as Endpoint, MFA solutions, SSO, and behavioral analytics. Endpoint notably features biometrics as an authentication method.

“SecureAuth’s vision is focused on advanced authentication that is continuous and behavioral based, providing users a frictionless experience while enabling a stronger security posture. The survey findings provide a strong support for our strategy,” comments Paul Trulove, CEO of SecureAuth.

Different surveys, similar results

The results from SecureAuth and ESG are corroborated by a survey from voice biometrics developer Pindrop that discovered broad frustration with passwords. Sixty-three percent of those surveyed say that resetting a password is a huge inconvenience, to the point where 14 percent say they would prefer to be stuck in traffic during rush hour than reset a password. Some consumers even ranked answering KBAs as more annoying than a flight delay, snow shoveling, or rain on their vacation.

The Pindrop survey suggests that continuing with passwords and KBAs can even inflict harm on the brand, with around a quarter of those surveyed reporting that a bank that makes them answer KBAs gives the impression of the brand as inconvenient and antiquated. Nearly 10 percent will abandon an account or brand entirely, and 14 percent blame the brand for a poor user experience if they get locked out of their account because of a forgotten password or incorrectly answered KBA.

Pindrop says that voice biometric systems have the potential to solve these inconveniences and are showing widespread adoption by the public at large.

An analysis of how long it would take a hacker to brute force a series of password permutations by Hive Systems finds that increasingly sophisticated graphic processing units on commercial graphics cards or cloud computing systems are improving the speed at which they can decode a hashed password.

Article Topics

access management  |  authentication  |  biometrics  |  continuous authentication  |  cybersecurity  |  enterprise  |  identity management  |  multi-factor authentication  |  passwordless authentication  |  Pindrop  |  SecureAuth