Let's face it: Even with all of the publicity surrounding password breaches, email and Facebook hacks, and more and more everyday people experiencing compromised accounts -- you most likely have relatives and friends who've now been there -- most consumers still don't create complex passwords.
You can't blame them. They want to use something they can actually use (as in remember), and they want convenience when they log into a website, social network, or email account. They're hearing that they should have a strong password with a mix of upper- and lowercase characters, numbers, and symbols, but the reality is, they don't want to worry about forgetting it when they need it. Which, of course, is exactly what's happening.
According to a new Ponemon Institute study, around 70 percent of consumers in the U.S., U.K., and Germany have forgotten one of their passwords because it was too long or complex to remember, with 61 percent saying they were locked out of an online account due to some sort of authentication process failure. Sixty-three percent of U.S. consumers say that failure was due to a forgotten password, username, or response question.
Some 46 percent of U.S. consumers were unable to finish their online transactions due to an authentication failure with passwords, according to the survey.
The study, which was commissioned by Nok Nok Labs, shows that consumers (some 70 percent) are getting fed up with passwords and today's authentication processes. Meanwhile, the troubled password model remains the norm despite developments in stronger and more efficient authentication processes. Most organizations just can't seem to shake the password, even as the more aggressive ones, such as banks, add multiple factors of authentication.
Consumers are looking past passwords, though. And surprise, surprise: Biometrics, which not long ago left most consumers and corporate users uneasy and queasy about their fingerprints, irises, and faces being used to ID them, is now becoming more palatable. The majority of consumers from the Ponemon survey say they consider biometrics a viable option for authentication with banks, credit card companies, healthcare providers, email providers, government agencies, and other "trusted" organizations. As long as those organizations don't have direct access to biometric data, that is.
They favor voice recognition (83 to 91 percent), facial scans (65 to 72 percent), hand geometry (57 to 65 percent), and fingerprints (56 to 62 percent) the most, but eye scans are fine with half of the consumers in all three regions.
So maybe, just maybe, consumers could end up being the catalyst that finally kills off the password. If password problems increasingly interfere with their online transactions for products or services, then something's gotta give.
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio