Report: Consumers want better online authentication
17 April, 2013
category: Digital ID
Consumers don’t like user names and passwords and would rather have multi-purpose identity credentials that could be used across sites, according to a study from the Ponemon Institute.
In the U.S., 46% of individuals don’t trust systems that rely on user names and passwords for access. Another 38% don’t trust sites unless they require frequent password resets. “People expect more, especially when visiting a bank versus social media site,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “People are expecting businesses to do more on the authentication side.”
The idea of a multi-purpose identity credential to manage access to multiple sites is appealing with 51% of consumers interested. The multi-purpose identity credential would be managed by a trusted provider, who in turn licenses authentication capability to organizations providing cloud-based services such as banks, retailers, health care, government agencies and other Internet service providers.
But there is a caveat with multi-purpose credentials. “People do not want the credential to be a national ID and they don’t want it to violate their privacy,” Ponemon explains.
Consumers want retail banks to be the issuer of the credentials, with 61% of U.S. consumer stating that preference, followed by credit card and Internet payment providers. The least preferred issuer was law enforcement, Ponemon says.
The preferred form factor – 32% of respondents — for this multi-use credentials in the U.S. is the mobile phone, Ponemon says. Biometric authentication was second with 23% of respondents preferring that method.
Consumers are comfortable with the idea of using biometric for access to sites, Ponemon says. Voice was the preferred modality with 83% followed by facial recognition with 70%.
Nok Nok Labs, a group looking to change online authentication, commissioned the survey of 2,000 consumers from Ponemon. Phillip Dunkelberger, CEO at the organization, says one of his takeaways from the report is that consumers want to use a secure ID but they don’t want to be tracked. For example, consumers don’t like it when they shop on a site, go to a completely different, unrelated site, and see advertisements for products they had looked at previously.
“People want convenience but they don’t want it tied to a government agency or a big business,” Dunkelberger explains.
A PDF of the full report can be downloaded here.