Users Favor New Forms of Authentication

Survey: Consumers Express Frustrations with Passwords
Users Favor New Forms of Authentication

In the 1976 film "Network," the aging and about-to-be-fired network news anchor shouts, "I'm mad as hell and I'm not gonna take it anymore."

See Also: Hide & Sneak: Defeat Threat Actors Lurking within Your SSL Traffic

Although not as tortured as the anguished Howard Beale, Phil Dunkelberger is as "mad as hell," expressing irritation over how he couldn't gain access to his e-mail on a recent trip to Germany because his Internet service provider wouldn't authenticate him from abroad. Despite spending two hours pleading on the phone with his ISP, Dunkelberger couldn't access his messages on his laptop computer, meaning the business executive from California couldn't get to important documents attached to his e-mails.

Dunkelberger's problem isn't unique. And Dunkelberger isn't just any businessman; he's chief executive of security vendor Nok Nok Labs. If such a problem exasperates Dunkelberger, it's bound to frustrate others. Now, Dunkelberger has facts to show that consumers share his aggravation.

A survey conducted of consumers in the United States, Britain and Germany by the Ponemon Institute for Nok Nok Labs, and released April 17, confirms the frustration users have with authentication. More than 60 percent of respondents say they've been locked out of Internet sites, and about half add it took a long time to reset a username or password. Some 70 percent of respondents in the U.S. and U.K. gripe that passwords are too long or complex (only about half of Germans express similar annoyances).

The survey also reveals willingness of consumers to accept other authentication factors beyond username and password, even if they require more work on their part.

Dunkelberger says the survey results suggest that consumers are more willing to try new forms of authentication than the industry had assumed. "There are a lot of secure elements out there, from biometrics to a number of different types of tokens," he says. "The consumer is saying they will use those things if they were made available and trusted. There are some perception differences between industry and the consumer and the consumer is far more knowledgeable than maybe industry and some other folks really have given them credit for."

The survey polled some 1,924 consumers in the three nations (754, U.S.; 569, U.K.; 601, Germany), and finds they don't:

  • Trust systems or websites that only rely on passwords (46 percent U.S., 45 percent U.K., 65 percent Germany);
  • Trust systems or websites that don't require frequent password changes (38 percent U.S., 37 percent U.K., 46 percent Germany);
  • Use websites with inadequate authorization (35 percent U.S., 39 percent U.K., 52 percent Germany);
  • Use websites with easy identity and authorization procedures (46 percent U.S., 48 percent U.K., 61 percent Germany).

Larry Ponemon, who heads the research firm that conducted the survey, says consumers in each country have different favorite forms of secondary authentication: Americans like using messages received on their mobile devices; British favor identity cards; and Germans prefer biometrics.

"There's an appetite for multi-purpose identity credentials to use for payments, to get into secure places like an airport," Ponemon says. "In general, people like that idea of not having one password or one username per website for something that's secure but could be used for different sundry purposes, both physical and logical."


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network