Based on a survey conducted across nearly 2,000 U.S.-based consumers, the 2010 Authentication Report showed for online banking, 64 percent of consumer perceived that challenge-response questions were effective, compared to 58 percent who believed biometrics to be effective and 42 percent who thought one-time passwords worked well.
"This year we continue to find knowledge-based questions and challenge-response to still be the No.1 method that is familiar with consumers and perceived to be effective by them," says Robert Vamosi, an analyst for Javelin and the author of the report, which came out last week. "But this year, what was surprising was that one-time passwords and biometrics were starting to make a move on No. 1 and were performing better than we've seen in previous years."
Vamosi says this is partially attributed to improving technology and partially to growing familiarity with these alternative means of authenticating users.
"It starts in an enterprise environment and it moves into the home," Vamosi says of people's familiarity with authentication technologies. "If you go into your office and the IT department has imposed this new means of getting on the network and you become experienced with it, then suddenly at home you're presented with the same option to log into your bank account, you're going to say, 'I've seen this before, I'm familiar with it. I can work with this.'"
This familiarity aspect has particularly helped with biometrics, especially as technology has become more prevalent and increasingly built into business-grade equipment for the normal worker. "Biometrics have gone from something that you see in movies and don't really experience to something many have had hands-on experience with," Vamosi says. "Many laptops today have navigation pads that double as a biometric reader, and there's also facial recognition technologies in laptops with webcams. This is starting to come down to earth, and people are starting to see it in action and thinking it could be effective to authenticate them."
Year-over-year, biometrics has increased in perceived effectiveness among consumers by about seven percentage points, according to the report. Even better has been the jump in perceived effectiveness of one-time passwords, which shot up with consumers by 12 percentage points. Vamosi says technology improvements for better ease-of-use has been a big driver in consumers embracing one-time passwords.
"There's a lot of convenience coming out of the new technologies," Vamosi says. "A soft token can be generated in an application, it can be generated within a mobile phone, and the user doesn't necessarily have to key in the number from a separate keychain device."
Perhaps most interesting among the results, Vamosi says, is the dropping confidence in knowledge-based authentication. While it still remains the apple of consumers' eyes, there was a dip of about six percentage points in the overall vote of consumer confidence this year over last year.
"That could be the consumer's awareness of that technology being compromised," he says. "The most classic example was the Sarah Palin email attack a year or two ago. It has become clear to the consumer that the answer to those questions can be found on Facebook, or are easily guessable, so someone could potentially get into their bank account or email account."