Retail Technology

Password confusion colours e-security concerns

By Retail Technology | Thursday April 18 2013

New Ponemon study finds that reliance on usernames and passwords inhibits online business as current authentication drives frustration and subsequent lost revenue and trust

The Ponemon Institute, an independent research centre dedicated to privacy, data protection and information security policy, today released the findings of a new study, Moving Beyond Passwords: Consumer Attitudes on Online Authentication, sponsored by Nok Nok Labs.

The study takes a deep dive into consumer perceptions around how organisations are securing their access and what they would consider to be the ideal steps and technologies used to ensure that their personal information is protected. 

Breaking password dependence

“This study shows the challenge presented by our continued dependence on the troubled password,” explained Phillip Dunkelberger, chief executive of authentication services provider Nok Nok Labs. “Not only are breaches increasing because of password re-use across different web services, but this failure and insecurity is reducing consumer confidence when doing business online. It’s time we evolved our thinking about how businesses authenticate their customers.”

The study includes results from more than 1,900 consumers aged between 18 and 65 in the US, UK and Germany.

Key findings include the fact that failed authentication thwarts online business. Approximately 50% of respondents were “very frequently” or “frequently” unable to perform an online transaction, such as buying a product or obtaining a service, because of an authentication failure on the website.

Most authentication failures happen because of the use of usernames and passwords. The majority are caused by a forgotten password, username or response to a knowledge-based question (such as a mother’s maiden name). Fewer than half of respondents said authentication failures occurred because of glitches or inaccuracies within website systems or identity verification procedures.

Consolidate authentication methods

The research also found many consumers favoured a single identity credential for a variety of authentication purposes. The majority of consumers (60%) would use a multi-purpose identity credential to verify who they are before providing secure access to data, systems and physical locations. The benefits of a multi-purpose identity credential are convenience for US and UK consumers, and security for those in Germany.

Most respondents were comfortable with using biometrics. The majority of respondents believed it is acceptable for a trusted organisation such as their bank, credit card company, health care provider, telecom, email provider or governmental organisation to use factors such as voice or fingerprints to verify their identity.

Financial institutions came out on top in terms of providing the best online validation. According to respondents, the top five organisations that have the most secure authentication are (in order of best to worst): banking institutions, credit card and Internet payment providers, social media, and then retailers, followed by internet service providers.

“It comes as no surprise that we continue to see an increase in dissatisfaction from consumers when it comes to traditional authentication schemes involving usernames and passwords,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “The good news is that there is a new sense of willingness to try emerging technologies and more complex identity verification systems to fix this broken system.”

An executive summary of the report is available here. You can also click here for the full version of the report.
