Perimeter
8/27/2015
08:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Consumers Want Password Alternatives

Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.

Consumers would be very much behind the elimination of passwords from the online environment if retailers, banks and other services could get it together to institute an alternative, according to a new survey out this week.

The study showed that, as things stand, most consumers are not confident in online brands or the efforts they've made so far to supplement password security. And, like many password surveys before it, this one shows once again that part of that mistrust stems from consumers' admitted inability to effectively manage password hygiene for their own accounts.

“Passwords are inherently insecure as a method of authentication, and their efficacy relies on end users, developers, system administrators, and the applications themselves, all of which are vulnerable to a wide variety of attack vectors currently being exploited by cyberattacks around the world," says Geoff Sanders, CEO of LaunchKey, which conducted the survey among 589 respondents.

The report confirms similar numbers from past surveys. For example, 68 percent of respondents reuse passwords across multiple accounts and 77 percent often forget passwords and have to write them down. This comes largely from the volume of login details they must remember. Nearly half of respondents have to manage more than 10 passwords at a time.

In spite of many major brands working on efforts to institute two-factor authentication, nearly two-thirds of consumers are still unfamiliar with these additional authentication methods and only about 20 percent believe they are easy to use, according to the survey.

Another survey out this week by Ponemon Institute shows that growing awareness of two-factor methods have started to up the ante on consumer perception of password security online environments. Looking at what drives consumer confidence in online brands, the study showed that 31 percent of consumers don't trust websites that only rely on passwords to identify and authenticate them.

Tellingly in the LaunchKey survey, 52 percent of survey respondents said they had little to no confidence in online retailers and 76 percent feel their data would be more secure with an alternative form of verification. Just over half of them support the idea of getting rid of passwords altogether. Approximately 59 percent of respondents say they'd prefer using fingerprint scans over passwords.

"The future of authentication is free from traditional passwords,” Sanders said. “We must remove the vulnerability and liability that passwords have created while implementing more secure authentication methods that account for an evolving and diversified landscape of use cases, end users and threats.”

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
sillieabbe
50%
50%
sillieabbe,
User Rank: Apprentice
9/7/2015 | 4:04:50 AM
A passwordless world would bring a nightmare.
In a world where we live without remembered passwords, say, where our identity is established without our volitional participation, we would be able to have a safe sleep only when we are alone in a firmly locked room. Is this what we want?
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Darn - typed UNICORN instead of UNICODE.  
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.