How Your Authentication Scheme Could Hurt Your Business
Consumers often fail to perform transactions online due to authentication failure. But while they struggle, they also distrust websites with weak authentication procedures.
Wed, April 17, 2013
CIO — Is the authentication scheme on your website hurting your business? Consumers have fallen out of love with usernames and passwords, according to new research by the Ponemon Institute, an independent research center dedicated to privacy, data protection and information security policy.
About 50 percent of consumers say they frequently find themselves unable to perform transactions because of authentication failure—mostly due to forgotten usernames, passwords or responses to knowledge-based questions—and many do not trust systems or websites that rely only on passwords.
"It comes as no surprise that we continue to see an increase in dissatisfaction from consumers when it comes to traditional authentication schemes involving usernames and passwords," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
"The good news is that there is a new sense of willingness to try emerging technologies and more complex identity verification systems to fix this broken system," Ponemon says.
"In general, 46 percent of consumers say they do not trust systems or websites that rely solely on usernames or passwords," Ponemon adds. "They seem to think it's too easy to break."
He notes, however, that use is not dependent solely on trust. Consumers may not trust a service that relies solely on usernames and passwords, but a majority of consumers will still use it.
Still, he says, "Having strong authentication that works and is convenient is not just good for security purposes, it may be good for business."
The Ponemon Institute surveyed 1,924 consumers between the ages of 18 and 65+ in Germany, the U.K. and the U.S. for the study, which was sponsored by startup Nok Nok Labs, one of the founding members of the Fast Identity Online (FIDO) Alliance. The FIDO Alliance is seeking to replace password technology with a standards-based open protocol that embraces both existing and new authentication methods and hardware.
"What users are saying is, 'Hey, we get enough about security now that we think there should be more than just a username and password around some of the things we do,'" says Phillip Dunkelberger, CEO of Nok Nok Labs and formerly the founder and CEO of PGP Corp. "The FIDO Alliance has doubled in size since we announced it in February. I think that speaks to this idea."
Authentication is the process of validating whether a user is really who he or she claims to be, and the Ponemon study found that many services currently make it difficult and inconvenient for consumers to shop or bank online, request services or generally use anything that requires restricted access.