
How your authentication scheme could hurt your business

Thor Olavsrud | April 18, 2013
Consumers often fail to perform transactions online due to authentication failure. But while they struggle, they also distrust websites with weak authentication procedures.

About 50 percent of consumers say they frequently find themselves unable to perform transactions because of authentication failure (mostly due to forgotten usernames, passwords or responses to knowledge-based questions), and many do not trust systems or websites that rely only on passwords.

"It comes as no surprise that we continue to see an increase in dissatisfaction from consumers when it comes to traditional authentication schemes involving usernames and passwords," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

"The good news is that there is a new sense of willingness to try emerging technologies and more complex identity verification systems to fix this broken system," Ponemon says.

"In general, 46 percent of consumers say they do not trust systems or websites that rely solely on usernames or passwords," Ponemon adds. "They seem to think it's too easy to break."

He notes, however, that use is not dependent solely on trust. Consumers may not trust a service that relies solely on usernames and passwords, but a majority of consumers will still use it.

Still, he says, "Having strong authentication that works and is convenient is not just good for security purposes, it may be good for business."

The Ponemon Institute surveyed 1,924 consumers between the ages of 18 and 65+ in Germany, the U.K. and the U.S. for the study, which was sponsored by startup Nok Nok Labs, one of the founding members of the Fast Identity Online (FIDO) Alliance. The FIDO Alliance is seeking to replace password technology with a standards-based open protocol that embraces both existing and new authentication methods and hardware.

"What users are saying is, 'Hey, we get enough about security now that we think there should be more than just a username and password around some of the things we do,'" says Phillip Dunkelberger, CEO of Nok Nok Labs and formerly the founder and CEO of PGP Corp. "The FIDO Alliance has doubled in size since we announced it in February. I think that speaks to this idea."

Authentication is the process of validating whether a user is really who he or she claims to be, and the Ponemon study found that many services currently make it difficult and inconvenient for consumers to shop or bank online, request services or just generally use anything that requires restricted access.

Consumers Struggle with Password Deluge

"It's not that web services are deliberately trying to irritate their users. Everyone wants the same thing: to safeguard personal information and communications, and to prevent cyber criminals from breaching online systems," Ponemon says.

"But it's a fine line because providing strong authentication has traditionally brought great cost and complexity for web services and significant hassle for consumers who are forced to navigate arcane multi-step processes. Many web services take the low road and leave consumers to deal with the consequences of password deluge. The result is a higher risk for insecurity of personal information and lost revenue when consumers abandon online activity due to frustration," Ponemon says.

