Password Security Remains Consumer Bugbear

A new survey has revealed the frustrations felt by many consumers dealing with an ever expanding number of online passwords.

According to the survey published by the Ponemon Institute, a majority of consumers find password-based security frustrating, with nearly half encountering failed transactions due to authentication failures.

Password Frustrations

The survey, sponsored by authentication-technology startup Nok Nok Labs, found that consumers are unhappy with passwords, while at the same time sceptical about the security they provide. About three-quarters of US consumers find passwords frustrating and nearly half of all consumers do not trust Websites that rely on passwords, according to the survey of nearly 2,000 people.

“What is not a surprise is that no one is happy,” Jamie Cowper, director of business development for Nok Nok, told eWEEK. “They cannot do what they want to do online, because they are frequently getting locked out of sites.”

Yet, only a third of consumers are likely to forego using a site because it only used passwords for security.

Passwords are the most common, yet most problematic security measure that consumers encounter online. People frequently use weak or common passwords, opening up their accounts to brute-force guessing attacks. Yet, consumers who use stronger passwords frequently worry about forgetting the critical secrets and so reuse passwords across multiple sites. An analysis of the leaked password databases from Sony Pictures and Yahoo Voices found that nearly 60 percent of the 302 people with accounts on both sites reused their password.

Most consumers have at least five passwords, while almost a third have 10 passwords or more, according to a 2012 survey of password habits conducted by Janrain, a social-media infrastructure provider.

Biometric Option?

The Ponemon survey polled users in the Germany, the United Kingdom and the United States. More than half of US users would use a multi-purpose identity credential to securely log into Websites, higher than the 45 percent of UK respondents and much lower than the 62 percent of Germans who favoured a single credential for multiple uses.

An identity credential is a token, smart card, or smartphone app that typically verifies a user identity by something they have – the credential. By combining the credential with something that they know, such as a password, such multi-purpose credentials can provide stronger authentication than a password alone.

Users in different countries preferred different kinds of devices as a multi-purpose credential. The most US consumers – about a third – preferred mobile phones, while a similar number of UK consumers would opt for an ID card with an RFID chip. The most Germans, about 40 percent, would by far rather use a biometric-based device, the survey found.

“On one hand, you have people accepting of the idea of using stronger credentials,” Cowper said. “But people in other countries were also very accepting of biometrics; it was much higher than we thought it would be.”

Only one in a hundred people in any nation would consider an implanted chip to be an acceptable method of verification.

Can you look after your personal data online? Take our quiz!