If we were to be honest to ourselves, many of us would admit that we aren’t protecting ourselves online as well as we should. Virtually every website we visit nowadays requires a username and password. Because of this many have fallen into the trap of using the same username and password for multiple websites. Even many of those who want to be good by having numerous usernames and passwords have fallen into the trap of writing them down for easy access.
FICO has recently published the results from a survey they commissioned that looked at this issue in ten countries across the globe. This survey explored the current ways consumer authenticated themselves online and their thoughts on possible solutions. Some very interesting insights came out of this study including:
The study found that a large percentage of Americans are not taking the necessary precautions to secure their information online. For example, only 42 percent are using separate passwords to access multiple accounts; 17 percent of respondents have between two to five passwords they reuse across accounts; and 4 percent use a single password across all accounts. Additionally, less than a quarter (23 percent) of respondents use an encrypted password manager which many consider best practice; 30 percent are using high risk strategies such as writing their passwords down in a notebook.
OK, I get it. Having to remember unique usernames and passwords for many different websites can be daunting. At an earlier employer I had a password protected spreadsheet that kept the usernames and passwords for over fifty different sites. While I know this was poor form and probably violating some corporate policy, I had no other choice, there were just too many.
The currently method of authenticating by username and password simply doesn’t work in its current incarnation when a significant number of websites require their users to log in.
In the same article as the one quoted above, FICO makes a strong argument for biometric authentication as a viable replacement for the username and password conundrum.
However, while there is significant room to improve how consumers protect their login credentials, the survey also found that Americans are becoming more trusting of using physical and behavioral biometrics to secure their financial accounts. The survey found that 78 percent of respondents said they would be happy for their bank to analyze behavioral biometrics – such as how you type – for security and 65 percent are happy to provide biometrics to their bank; while 60 percent are open to using fingerprint scans to secure their accounts.
My colleague Tim Sloane has been advocating biometric authentication for some time. In a recent article Tim cited research that, contrary to what some say, biometrics are a very secure way to authenticate for virtually all of us.
At the end of the day, the current system of authentication via username and password used by many, many financial service sites and others, needs to be rethought. While I know there are people working on this, I think it is high time that a broader audience starts to stand up and demand this. The current system is putting too many businesses and consumers at risk.
Overview provided by Peter Reville, Director, Primary Research Services at Mercator Advisory Services.