The Turning Tide of Data Security
In the beginning, there was the Internet. And then the Internet gods populated it with basic services and applications. In that blissfully simple time, consumers had little to worry about. There were only a few passwords to remember, and only a little personal data was stored online. Now, however, in the rapidly evolving digital age, consumers have to manage and maintain dozens of passwords and other information-based login credentials to protect extremely valuable personal data. Do you remember who your best friend was in middle school? How about your favorite sports team when you were 10 years old? Those types of questions are what stands between you and your data (along with a password you also can’t remember).
In the past six years, 112 billion dollars have been stolen through identity fraud. It’s not hard to see why when the password for your banking app is the name of your dog plus your sister’s birthday (though still an upgrade from “password123”). This problem is only going to get worse as more services migrate online. The window for fraud and identity theft will continue to grow unless consumer behavior changes.
Thankfully, we are beginning to see a shift when it comes to digital identity and authentication. The barrage of security breaches in 2017 shows that big changes are needed in the world of digital identity. It was a wake-up call for traditional ways of securing data – most notably, for passwords. The “death of passwords” has been somewhat of a buzz term in the past, without many consumers paying it much mind, but now, after some of the worst data breaches in history coming in quick succession, there should be no doubt that passwords are no longer enough to secure personal data. Instead, consumers are making it known that they need alternatives.
Currently, there are many password alternatives: PINs, tokens, push notifications…but one alternative has been quietly growing in popularity – your biometrics.
The New Era of Authentication
A recent IBM Security survey revealed that security has become a top priority for consumers, above convenience or privacy – especially for applications and sites related to their finances. The survey, which had a little under 4,000 respondents, was a way to better understand global and generational consumer preferences around biometrics, passwords, and multi-factor authentication in relation to digital identity management.
Sixty-seven percent of respondents reported that they are comfortable using biometrics as an authentication method online, and 87 percent said they will be comfortable using biometrics in the future, presumably as the technology becomes more advanced. This will be a major change in the way consumers relate to the Internet and constitutes a turning point in the authentication landscape.
Biometrics are moving toward the mainstream, but people still have concerns. Mostly, there are concerns about how they are collected and stored. However, there are ways to securely collect and store biometric data. Companies offer the choice to have data stored on the device, within the organization’s servers, or split through a method called visual cryptography, like Veridium does it.
In addition, different generations vary in their relative comfort with using biometrics as authentication. Millennials, probably unsurprisingly, are more comfortable than older generations with leaving passwords behind and moving toward biometrics.
According to the survey, there are a few generational differences to take note of. One difference is that Millennials apparently put less care into password hygiene – they don’t create multiple passwords for different accounts, they don’t create complex passwords themselves, and they share – especially for those Netflix accounts! But, Millennials are also much more likely to use biometrics, multi-factor authentication, and password managers to improve their personal security. Seventy-five percent of 20 to 36-year-olds say they are comfortable with and would use biometric authentication.
Speaking as someone who falls within that age group, I can attest. The survey presumes that this is because younger people have less trust in passwords, to begin with, but that’s not necessarily true. We are swayed mostly by speed and convenience, and biometrics also happens to be more secure, which is a plus. Millennials are also more likely to delete an account held by a breached service provider and move to a competing site that hasn’t been affected. Basically, they’re more likely to take action and change their habits in the wake of a breach.
Older generations, on the other hand, are usually more careful with their password hygiene and are less ready to jump into biometrics and multi-factor authentication. However, speaking from experience, my parents’ passwords are very easy to guess, even if they change them on a more regular basis.
The difference in preferences between the older and younger generation may also tie into the fact that younger people are generally more comfortable dealing with new technology. This could also be why younger people have more digital accounts and are more concerned about securing all of them conveniently.
Since Millennials are growing into the largest percentage of today’s consumers, these trends are significant. They are already beginning to impact how employers and technology companies provide access to devices and applications, as Millennial consumers avoid providers who do not secure their data.
Preparing for the Biometric Authentication Revolution
Organizations need to adapt to shifting user preferences. They need to take advantage of platforms and solutions that provide their end-users with secure choices, such as biometrics and multi-factor authentication. As younger people migrate into the workforce and the digital space, allow them to use their mobile devices as their primary authenticator, and integrate solutions that favor biometrics in place of tokens or passwords.
The evolving threat and technology landscape has revealed the challenges with traditional login methods. Consumers are constantly being affected. They know that the threats to their digital identities are growing, and will keep growing if organizations rely on passwords and personal information to authenticate users online. The data we once used to protect ourselves is now a secret shared between you and hackers – it’s a lost cause.
It’s time to adopt more advanced methods of proving identity. The answer is biometrics, perhaps even behavioral biometrics, which add an additional layer of security by analyzing exactly how you interact with your device.
Biometrics are the future of identity, and with IBM’s comprehensive study, we have more proof that people want that future. But there’s a catch – consumers are actually going to have to adopt these new technologies. They’ll need to have mass appeal and consumption, and they’ll have to be easier to use than passwords. To do this, organizations will need to make identity authentication a positive user experience, which has been a consistent challenge for them.
One final thought – data breaches are not inevitable. There are steps that organizations and consumers can take together to stop them from happening. User preferences, habits, and attitudes will ultimately dictate adoption of new methods of authentication. The path to a passwordless world is still a long way away, and consumers will be the ones who lead the charge – so make it easy for them!