Users warming up to replacing traditional passwords with next-level authentication
Google intends to incorporate biometrics into its user authentication process, and a new study indicates that consumers may approve of similar measures moving forward.
On the heels of Google disclosing its plans to replace conventional Android device passwords with biometrics-based trust scores, a new study has come to light in which 52 percent of surveyed consumers said they would prefer a more modern authentication method over traditional username and password mechanisms.
They study from customer identity management firm Gigya, compiled responses from 4,000 consumers across the U.S. and U.K., including Millennials, Gen Xers and Baby Boomers. According to the survey, 29 percent of respondents would prefer using two-factor authentication, while another 20 percent expressed an affinity for biometrics.
Of the survey-takers who expressed a preference, 80 percent agreed that biometrics was more secure than traditional usernames and passwords, a statistic that would only seem to validate Google's strategy to overhaul its devices' user authentication technology. Last week at Google's I/O 2016 developer conference, the company announced that by the end of the year Android devices will determine whether or not a user is authorized based on an individual's facial scans, swiping patterns, typing speed, voice patterns, current location and physical gait.
Combined, these various data points would create a cumulative trust score that must reach a predetermined threshold in order for the user to be granted access. A recent TechCrunch report covered the conference, during the head of Google's ATAP research unit Daniel Kaufman said, “We have a phone, and these phones have all these sensors in them. Why couldn't it just know who I was, so I don't need a password? I should just be able to work.”
Such advances in authentication technology are desperately needed, if the Gigya survey is truly representative of the current state of credentials security. For instance, only 16 percent of respondents have created a unique password for each of their online accounts. For this very season, Reddit just forced a reset of 100,000 user passwords, following the news of the LinkedIn data breach.
Moreover, 56 percent use passwords such as names and birthdates, which are easily guessable and thus not secure. And 68 percent said that at one time or other, they abandoned the process of creating an online account but the password requirements were too strict and complex.
It's bad habits like these that can lead to a surge in account takeovers. Indeed, the survey found that within the last 12 months, more than 25 percent of respondents had an online account compromised, including 35 percent of Millennials, who based on their survey responses appear to have the laziest password habits among the three studied generations. (For instance, only 33 percent of Millennials said that they never create simple, easy-to-guess passwords, compared to 53 percent of Baby Boomers and 42 percent of Gen Xers.)
“Within the next 10 years, traditional passwords will be dead as an authentication form,” Patrick Salyer, CEO of Gigya, said in a press release. “Consumer-focused brands require modern customer identity management infrastructures that support newer, more secure authentication methods, such as biometrics. Businesses that are already using advanced authentication methods demonstrate increased customer registration and engagement while enjoying greater login convenience and security.”