Security

Biometrics and one-time passwords gaining traction among consumers

by Ericka Chickowski, DarkReading, December 2, 2010

Improved technology, growing familiarity making alternative authentication more palatable to consumers

A new report released by Javelin Research showed while consumers still strongly prefer knowledge-based authentication methods for online banking and other sensitive applications, alternative factors, such as biometrics and one-time-passwords, are currying favor.

Based on a survey conducted across nearly 2,000 U.S.-based consumers, the 2010 Authentication Report showed for online banking, 64 percent of consumer perceived that challenge-response questions were effective, compared to 58 percent who believed biometrics to be effective and 42 percent who thought one-time passwords worked well.

"This year we continue to find knowledge-based questions and challenge-response to still be the No.1 method that is familiar with consumers and perceived to be effective by them," says Robert Vamosi, an analyst for Javelin and the author of the report, which came out last week. "But this year, what was surprising was that one-time passwords and biometrics were starting to make a move on No. 1 and were performing better than we've seen in previous years."

Vamosi says this is partially attributed to improving technology and partially to growing familiarity with these alternative means of authenticating users.

"It starts in an enterprise environment and it moves into the home," Vamosi says of people's familiarity with authentication technologies. "If you go into your office and the IT department has imposed this new means of getting on the network and you become experienced with it, then suddenly at home you're presented with the same option to log into your bank account, you're going to say, 'I've seen this before, I'm familiar with it. I can work with this.'"

This familiarity aspect has particularly helped with biometrics, especially as technology has become more prevalent and increasingly built into business-grade equipment for the normal worker. "Biometrics have gone from something that you see in movies and don't really experience to something many have had hands-on experience with," Vamosi says. "Many laptops today have navigation pads that double as a biometric reader, and there's also facial recognition technologies in laptops with webcams. This is starting to come down to earth, and people are starting to see it in action and thinking it could be effective to authenticate them."

Year-over-year, biometrics has increased in perceived effectiveness among consumers by about seven percentage points, according to the report. Even better has been the jump in perceived effectiveness of one-time passwords, which shot up with consumers by 12 percentage points. Vamosi says technology improvements for better ease-of-use has been a big driver in consumers embracing one-time passwords.

"There's a lot of convenience coming out of the new technologies," Vamosi says. "A soft token can be generated in an application, it can be generated within a mobile phone, and the user doesn't necessarily have to key in the number from a separate keychain device."

Perhaps most interesting among the results, Vamosi says, is the dropping confidence in knowledge-based authentication. While it still remains the apple of consumers' eyes, there was a dip of about six percentage points in the overall vote of consumer confidence this year over last year.

"That could be the consumer's awareness of that technology being compromised," he says. "The most classic example was the Sarah Palin email attack a year or two ago. It has become clear to the consumer that the answer to those questions can be found on Facebook, or are easily guessable, so someone could potentially get into their bank account or email account."

About Author

Ericka Chickowski

Ericka Chickowski is an experienced business and technology journalist who specializes in coverage of IT security, regulatory compliance, business alignment, project management and IT employment.

In addition to her work for Dark Reading and InformationWeek, Chickowski’s perspectives on technology have appeared in a number of trade and consumer magazines, including CIO Insight, Baseline, Entrepreneur and Consumers Digest. She has covered the IT security industry extensively over the last six years, gaining particular insight and expertise while working as the West Coast bureau chief for SC Magazine. Chickowski graduated with a B.A. in English from the University of Washington and currently resides in San Diego. Readers may contact her at ericka@chickowski.com.

comments powered by Disqus

Subscribe for Newsletter

Stay connected to the best business technology content every week. Subscribe to our daily newsletter now!

Slide Shows

On demand Webcast

Future Proof your enterprise Mobile device security with Samsung KNOX

Convergence of mobile, social and cloud technologies is a major trend for enterprises today. Plus Consumerization of IT is driving a wide scale adoption of Android OS in the enterprise. Most CIOs and CISOs are concerned with the security challenges that enterprise mobility and Android brings. This webinar reviews the security challenges & threats associated with enterprise mobility and introduces Samsung KNOX, a new Android-based solution specifically designed to enhance security of the current open source Android platform. Date and Time: 3 April, 2014; 3:00 - 3:45pm Speaker: N S Amarnath, N S Amarnath, Senior Vice President, Samsung Electronics