Sometimes I think passwords are nothing but trouble for the security world. It seems like virtually every breach somehow involves passwords, whether it is because passwords are guessed to allow for the breach, or more often, the passwords are stolen and used in subsequent thefts. In April, while at the RSA Conference, I reported on a panel discussion that summed up the reason why passwords are still our primary form of authentication: We have a comfort level with them and no one is really that interested in change.
However, that attitude might actually be changing. New research from Accenture found that the majority of consumers are ready and willing to put aside passwords and try a different form of authentication. It’s a pretty large majority, too. According to the study, 60 percent of the 24,000 surveyed said they find the username/password combination to be cumbersome, while a whopping 77 percent said they’d be interested in using an alternative authentication method to protect their online information.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Consumers may be onto something here. The most recent edition of PYMTS.com’s Digital Identity Tracker reported why so many risks are involved in the username/password combination. As reported by Virtual-Strategy Magazine:
While Merchants are working hard to encrypt data to prevent account take-over, consumers are putting their digital identity at risk for the sake of convenience, as 45% of Americans are using the same username and password across multiple accounts, according to a recent study.
What would those alternative forms be? An eWeek article pointed toward biometrics, something I’m hearing about more and more frequently. Other alternatives, Robin Murdoch, managing director of Accenture's Internet and social business segment, told eWeek include some of the standard options, like two-factor or multi-factor authentication, but also better device encryption and managed passwords. Murdoch stated:
Device encryption protects local device data from offline hardware attacks using a file-based encryption filter. The user's device-lock PIN protects the master key for the encryption.
The bottom line is that consumers have figured out that passwords are a flimsy shield of protection between their sensitive information and cybercriminals. They can only trust that businesses do all they can to protect that information. In the past, they settled for passwords because that’s what they knew and were used to. Unfortunately, we’ve learned that comfort doesn’t take you very far in the security world. The question now is this: Will businesses listen to consumers and take the next step into the post-password world?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba