Вы находитесь на странице: 1из 27

IBM Security: Future of

Identity Study
Consumer perspectives on authentication:
Moving beyond the password

Click here to start ▶


◀ Previous Next ▶

Contents Introduction While consumer personal information has been


compromised on an ongoing basis for years,
The concept of granting digital access to users
Introduction the massive data breaches of 2017 removed all
1 • 2 based on proper identification has been the very
doubt: Criminals clearly have access to the very
core of how people access online services since the
information that many banks, companies and
Survey at a glance emergence of the public internet in the 1980s. The
other businesses use to grant their users remote
power of confirming an identity and being granted
access to services. Even social security numbers,
Security over access to services of value has attracted billions of
which are considered highly private and sensitive
convenience users to the internet, and as society moved to this
personal information, were exposed for hundreds
parallel universe, so have other parts of it, namely
of millions of consumers in 2017.
Biometrics are the future, fraudsters, con men and organized crime.
but not without security
concerns Recent data breaches have been a resounding
In the past six years, USD 112 billion has been
wake-up call to the fact that new methods are
stolen through identity fraud, equating to USD
The age gap around needed to validate our identities online. In an era
35,600 lost every minute. The more services are
passwords where personal information is no longer private,
offered to the general public—with additional
and passwords are commonly reused, stolen or
Around the world: Cultural
features for convenience and usability that rely on
cracked with various tools, the traditional scheme
perspectives vary the internet—the wider the window of opportunity
of accessing data and services by username and
for attackers. Javelin Strategy Research expects
password has repeatedly shown to be inadequate.
Takeaways: The future of fraud related to the creation of new online accounts
authentication to rise as much as 44 percent by 2018, increasing
losses from USD 5 billion to USD 8 billion in a
About IBM Security matter of four years.

About the author

In the past six years, USD 112 billion has been stolen through identity fraud,
equating to USD 35,600 lost every minute.

2
◀ Previous Next ▶

Contents Evolving authentication methods


Evolution in authentication schemes that move
Introduction away from passwords has thus been a natural
1 • 2
and necessary progression to help secure both
individual identities and the organizations providing
Survey at a glance
consumers with services. In an effort to replace
traditional passwords, biometric authentication
Security over
convenience
options—such as fingerprint or facial recognition,
keystroke dynamics and voice recognition—are
Biometrics are the future, becoming more widespread and are seeing Thus, the widespread introduction of multilayered
but not without security increasing popularity amongst the general authentication options represents a major change
concerns population. The use of fingerprints to access the in the way that we relate to the web. Biometric and
latest smart devices is now pervasive, and newer other forms of multilayered authentication are often
The age gap around identification models, like facial recognition, quickly presented to users as options that they can choose
passwords rose to the forefront in 2017. The latest iPhone and to adopt (or not) in a variety of ways—such as
Samsung smartphone models now offer login via choosing to log in via fingerprint versus PIN, setting
Around the world: Cultural facial recognition, as do banks and ecommerce
perspectives vary up knowledge-based answer questions to verify
shops, and the method is likely to see rapid logins, or adding an additional step of verification
mainstream adoption in 2018 given the smartphone for certain access events or transactions.
Takeaways: The future of
authentication vendors’ huge consumer base.
Users will ultimately choose whether or not
About IBM Security While biometric authentication has gained to implement new security features being
popularity in recent years, the simple scheme made available. Therefore, it is critical to better
About the author of username and password has been the most understand their concerns and preferences around
common form of accessing services online for emergent types of authentication and to evaluate
decades. This pattern of internet usage—and how these views could impact the future of identity
the visual of the simple sign-in box—are both and access.
now deeply embedded in the average internet
user’s psyche.

3
◀ Previous Next ▶

Contents Survey at a glance The 15-minute online survey totaled responses


from 3,977 adults across the United States (US),
Survey methodology
Introduction European Union (EU) and Asia-Pacific (APAC)
IBM Security commissioned a global survey to
regions, including:
Survey at a glance gain insight into consumer perspectives on current
authentication methods—from passwords and
• US: 1,976 respondents
Security over biometrics to multifactor authentication schemes—
• EU: 1,004 respondents (United Kingdom,
convenience as well as their adoption rates and concerns about
France, Italy, Germany, Spain)
functionality and security.
• APAC: 997 respondents (Australia,
Biometrics are the future,
India, Singapore)
but not without security
concerns

The age gap around


passwords Key takeaways
Respondents prefer security over convenience, Younger generations expect stronger inherent
Around the world: Cultural particularly for their financial apps and accounts. security from their providers and are more likely
perspectives vary to switch providers in the aftermath of a breach.
Biometrics are indeed seen as part of the
Takeaways: The future of future, but change does not come without Location influences access, perception and
authentication concern—particularly when it comes to privacy familiarity with more advanced authentication
and how that data is collected and stored. techniques, with APAC being the most
About IBM Security knowledgeable and comfortable with tactics
Age is a major influence on attitude toward like multifactor authentication and using
About the author security and overall security practices; older biometrics as part of such schemes.
generations set the bar for better password
habits, while younger generations were
more likely to take preventative steps
like using a password manager and
multifactor authentication.

4
◀ Previous Next ▶

Contents Security over convenience


The debate and trade-off between security and Seventy-four percent of respondents who
Introduction privacy versus convenience is an old one. Users would be willing to use more than one
naturally prefer smooth interaction with services, password or way to authenticate would do
Survey at a glance so for added security.
and providers have ample incentive to facilitate that
experience. But things are not always as simple
Security over
when risk levels rise, and technology or service
convenience
providers are forced to add security measures For apps related to finances (banking, investing
1 • 2
to existing customer journeys in order to prevent and budgeting), people vastly ranked security as
abuse and fraud—not to mention protecting top priority (70 percent on average) over privacy
Biometrics are the future,
but not without security enterprise environments, where access controls or convenience (16 percent and 14 percent
concerns are even more critical. respectively)—yet when it came to social
media, convenience took a slight lead (36 percent
The age gap around Where do users most appreciate the criticality of convenience, 34 percent security,
passwords security, and where do they make trade-offs for 30 percent privacy).
convenience? It turns out that users place more
Around the world: Cultural value on certain types of data, and as a result will Unfortunately, even with growing awareness
perspectives vary
prioritize security and privacy in some cases, while about the value of data shared by users on social
prioritizing speed and convenience in others (see media, people still seem to weigh convenience
Takeaways: The future of
Figure 1). and security equally when it comes to accessing
authentication
their social media accounts—a trend that reveals
About IBM Security
a general ambivalence about the dangers of lax
personal security for social media accounts.
About the author

5
◀ Previous Next ▶

Contents This is particularly alarming in light of the fact Results showing a penchant for speed and
that nowadays, many consumers opt to use convenience shed light on a growing interest in
Introduction their Facebook, Twitter and Google accounts biometrics that can provide an added layer of
to authenticate and access other applications security without burdening the user. A fingerprint,
Survey at a glance and services. Many popular services that house which is the most popular biometric, is rather
sensitive information, like delivery services, online unique, does not require memorizing, can’t be
Security over shopping and dating apps, encourage users to log kept on a piece of paper or shared like a
convenience in using their social accounts. Therefore, if one of password or forgotten, and—most of all—it’s
1 • 2
these social/email accounts is compromised, there both fast and convenient.
could be a domino effect on how many additional
Biometrics are the future,
but not without security accounts may also fall into the attacker’s hands.
concerns
80 76%
71%
The age gap around 70
63%
passwords
60 54%
50%
50 46%
Around the world: Cultural
perspectives vary 40 34% 36%
32% 30% 31% 30%
30
23%
Takeaways: The future of 20%
20 16% 17% 19%
authentication 14% 13% 13%
11%
10
About IBM Security 0
Bank apps Investing app Budgeting app Online Workplace app Email app Social media
marketplace app
About the author
Security Privacy Convenience

Figure 1. App or account types respondents cared most to protect (global perspective)

6
◀ Previous Next ▶

Contents Biometrics are the future, but not


Introduction
without security concerns of respondents are

Survey at a glance
Of the top most-secure elements, as perceived by
respondents, fingerprint ranked first by 44 percent,
67% comfortable using biometric
authentication today.
retinal scan ranked second (30 percent), and
Security over alphanumeric passwords ranked third (27 percent)
of respondents would
convenience (see Figure 2). Digital PINs and facial recognition
consider using different
Biometrics are the future,
tied for 12 percent. 87% types of biometric
but not without security
authentication in the future.
Interestingly, while fingerprint ranked first, full
concerns handprint only reached sixth position with 10
1 • 2 • 3
percent of respondents perceiving it to be a secure
authentication. The audible methods, such as voice
The age gap around
passwords or heartbeat recognition, were last on the list.

Around the world: Cultural Fingerprint 44%


perspectives vary
Retinal (eye) scan 30%

Takeaways: The future of Alphanumeric password 27%


authentication Digital PIN 12%

About IBM Security Facial recognition 12%

Handprint 10%
About the author
Voice recognition 6%

None of the above 6%

Heartbeat recognition 4%

Figure 2. Authentication methods perceived as most secure (global perspective) 0

7
◀ Previous Next ▶

Contents Biometrics are becoming more popular than ever, When it came to their concerns over the use of
but privacy concerns over how they are stored biometrics as an authentication method, users also
Introduction and secured persist. Because biometric data can worried about how biometrics might be stored and
be used to identify an individual beyond doubt, the potential for compromise. While trust levels
Survey at a glance consequences of compromise are grave. about securing biometrics were relatively high in
some regions, one quarter of survey respondents
Security over Findings regarding people’s biggest concerns with do not trust any organization to protect their
convenience
biometric authentication were not very surprising biometric data (see Figure 4).
and matched with trending issues reported in
Biometrics are the future,
the media (see Figure 3). Those concerns are
but not without security People’s biggest concerns with biometric
concerns security and privacy, more so than ease of
use or functionality. authentication are privacy and security
1 • 2 • 3
(55 percent and 50 percent respectively).
The age gap around
passwords
I’m concerned about how 55%
data collection is used
Security

Around the world: Cultural


perspectives vary I’m concerned about people using
fake/spoof biometrics to access 50%
my information
Takeaways: The future of
authentication
I’m concerned it wouldn’t work 41%
About IBM Security
Functionality

I think it would be hard to set up on


37%
About the author my computer or device

It’s more difficult to use than


30%
a regular password

Figure 3. Biggest concerns linked with biometric authentication (global perspective)


0

8
◀ Previous Next ▶

Contents
Forty-four percent of respondents view Trusting organizations to keep biometric data
Introduction fingerprint biometrics as the most secure varied greatly by industry, with banking
secure method of authentication, while leading as the most trusted. Forty-eight percent of
Survey at a glance alphanumeric passwords and digital PINs people would trust a major financial institution the
were seen as less secure (27 percent and 12 most with their biometric data, while only 15 percent
Security over would trust that data to major social media sites.
percent respectively).
convenience

Biometrics are the future,


but not without security On a ranking of different provider types who may
concerns
use biometrics as part of the user authentication
1 • 2 • 3
process, major providers were more trusted to
secure biometric data than the smaller, regional or
The age gap around
passwords niche providers.

50 48%
Around the world: Cultural
perspectives vary
40
Takeaways: The future of
authentication 29%
30
25%
23%
About IBM Security 19%
20
16% 15%

About the author 10

1%
0
tio l

tio l

sit l
id h

id l

er
sit e

ov f
itu cia

ov na
itu ia

ia cia

ab o
ov alt

ng lin

th
st nc

e ne
n

e
er

er

e
pr gio
st n
pi on

ed o
pr e

O
in fina
in fina

m jor s
e /h

th No
re re
op or
nc re

ca al/
sh aj

r
or

a
ra ca

le

M
M

th c
aj

al
su lth

al Lo
M

Sm
in ea
rh
ajo

he
M

Figure 4. Types of organizations people trust MOST to protect their biometric data (global perspective)
9
◀ Previous Next ▶

Contents The age gap around passwords


Password best practices are a very prominent • Millennials (ages 20 – 36) put the least
Introduction amount of effort into password safety: on
subject in the information security world—but
although most people are well aware that strong average, only 42 percent use complex
Survey at a glance passwords (versus 49 percent of those
passwords are more secure, survey responses
revealed a generational divide when it comes to 55+), and 41 percent reuse the same
Security over
acting on that knowledge (see Figure 5). The older password multiple times (versus 31
convenience
generation takes password security more seriously, percent of 55+).
Biometrics are the future, while younger people put the least amount of effort • On average, people aged over 55 use
but not without security into password best practices. However, the data 12 passwords, while millennials use 8
concerns revealed that younger generations will take other passwords, and Gen Z (ages 18 – 20)
actions to secure their accounts, such as setting up averages only 5 passwords, which could
The age gap around a password manager or multifactor authentication.
passwords
indicate a heavier re-use rate considering
1 • 2 • 3 most people have more than 5 accounts.

Around the world: Cultural


perspectives vary 50 49% 49%
47%
45%
42% 41%
Takeaways: The future of 40
39%
authentication 35%
31%
30 28%
About IBM Security
20
About the author

10

0
18-24 25-34 35-44 45-54 55+

Complex password (e.g. with different capitalization or characters, mix of numbers and letters)
Recurring password (the same password you use in other places)

Figure 5. Password habits by age groups (global perspective)


10
◀ Previous Next ▶

Contents Password reuse is known as a risky practice that Generational differences also showed striking
can enable compromise across multiple accounts, variances in terms of attitude toward security
Introduction even if just one password has been exposed. (see Figure 6). When given the choice between
saving time and employing a more secure form of
Survey at a glance authentication, people under the age of 34 were
Seventy-five percent of millennials are
most likely to prefer a speedy experience to a more
Security over comfortable using biometrics today,
secure way to authenticate, if it were shown to save
convenience versus only 58 percent of those over age 55.
them one to ten seconds. The older generation was
not likely to ever make the same tradeoff.
Biometrics are the future,
but not without security
concerns Convenience versus security varies by age
100

The age gap around 84%


passwords 80 72%
1 • 2 • 3
58%
60 53% 55%
Around the world: Cultural 47% 45% 42%
perspectives vary 40
28%
Takeaways: The future of 20 16%
authentication
0
About IBM Security I would use a less secure method of authentication I would never trade security for convenience
if it saved me 1-10 seconds

About the author 18-24 25-34 35-44 45-54 55+


Figure 6. Trading off security for time or convenience (global perspective)

11
◀ Previous Next ▶

Contents With those findings in mind, it is not surprising like enabling two-factor authentication, or ceasing
that younger generations would opt to use to use an app or service entirely if their data was
Introduction authentication that saved them time. The survey compromised by that provider.
found that younger generations already have
Survey at a glance experience with, and have used, biometrics in the The survey found that millennials were more likely
past, while older generations were much less likely to take the following actions in wake of a breach:
Security over to say the same.
convenience
• Enable two-factor authentication (32 percent
versus 28 percent of the general population)
Biometrics are the future,
According to the survey, 36 percent of • Stop using an app or service that was affected
but not without security
concerns those ages 18 – 20 say they use password (25 percent versus 21 percent of the general
managers to keep passwords and avoid population), moving to a competitor’s service
The age gap around having to memorize them, compared
passwords to only 26 percent of users in the As younger generations are more likely to take
1 • 2 • 3 general population. action to secure their accounts after a breach
has taken place, they may expect more inherent
Around the world: Cultural security from their providers, and therefore place
perspectives vary less emphasis on personal password hygiene in
Younger generations take action in the wake
of a breach the first place.
Takeaways: The future of
authentication What influences users of different generations
to make changes to their authentication habits? Additionally, the survey revealed that younger
While younger generations were shown to be less generations are more likely to use a password
About IBM Security
concerned about password security in general, manager, a tool which assists in generating and
About the author our results showed that they were more likely to retrieving complex passwords.
make changes to their authentication habits in the
wake of a data breach—taking mitigating actions

12
◀ Previous Next ▶

Contents Around the world: Cultural The slower adoption of new technologies
(see Figure 7) may be part of the reason why
Introduction
perspectives vary
respondents in the US were the least familiar or
Technology and biometric adoption
comfortable with biometric authentication methods,
Survey at a glance Availability and culture influence the use of digital especially since those have been embedded
assets, technology and gadgets—and they affect into popular personal devices in recent years.
Security over the attitudes respondents have about securing The survey found that US respondents lagged
convenience devices and using different types of authentication. behind APAC and Europe in comfort and usage of
biometrics—and in fact, 23 percent of respondents
Biometrics are the future,
but not without security
in the US said they are not interested in using
concerns biometrics now, or in the near future (see Figure 10).

80 74%
The age gap around
passwords 70 66%
57% 59%
60
53%
Around the world: Cultural 50 47%
perspectives vary 42% 40%
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 40
30%
30
Takeaways: The future of 20
authentication
10

About IBM Security 0


I like finding technologies I like to incorporate technology I am the first among my friends
that make my life easier into all aspects of my life to try new technologies
About the author
APAC EU US

Figure 7. Comfort with current and new technology

13
◀ Previous Next ▶

Contents But while they did not rush to adopt biometrics


per se, US respondents were the most aware of Seventy-nine percent of US respondents
Introduction security threats and indicate having heard about were aware of data breaches in the past
data breaches in the recent past (see Figure 8). In year (versus 70 percent in APAC and 69
Survey at a glance spite of awareness that major breaches take place, percent in EU).
a large proportion of US users do not believe that
Security over breaches are inevitable, which would suggest they
convenience
believe that security measures can be taken to
prevent them.
Biometrics are the future,
but not without security
79%
concerns 80
70% 69%
70
The age gap around
60
passwords
50

Around the world: Cultural 40


perspectives vary 28%
30
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 23%
20%
20

Takeaways: The future of 10


authentication
0
Have heard of data breaches Believe that having security or data
in the last year breaches is inevitable
About IBM Security
APAC EU US
About the author
Figure 8. US ranked highest in awareness of technological threats

14
◀ Previous Next ▶

Contents Knowing about the occurrence of major breaches multifactor authentication, but not as many would
but believing they can be avoided seems to opt for biometric authentication as a means to add
Introduction translate into US respondents’ willingness to use a layer of security (see Figure 9).
more security. In that sense, they would opt for
Survey at a glance
80%
80
Security over 73%
70%
convenience 70

60
Biometrics are the future,
but not without security 50 46% 46%
43%
concerns 39%
40 35%
29%
The age gap around 30
passwords 20

10
Around the world: Cultural
perspectives vary 0
Would use multifactor Would use multifactor authentication Currently use fingerprints to
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 authentication for added security if the site/system/app I was using unlock my smartphone
flagged my activity as irregular/abnormal
Takeaways: The future of APAC EU US
authentication
Figure 9. US respondents would use multifactor authentication but won’t necessarily opt for biometrics
About IBM Security

About the author

In APAC countries, respondents are disposed to adopt new technologies.


The US lags in comparison with APAC and Europe when replying to
questions about device ownership and likelihood of adopting new technology.

15
◀ Previous Next ▶

Contents When it came to use of multifactor authentication


in other regions, European respondents overall • Europe had the strongest password
Introduction displayed a strong concern for security—and a practices, with 52 percent of
willingness to use strong passwords—however respondents using complex passwords
Survey at a glance they were the least likely to use multifactor (compared
authentication for added security, even in the wake to 46 percent in APAC and 41 percent in
Security over of a data breach. the US).
convenience
Cultural differences and • European respondents were the least
Biometrics are the future,
authentication methods likely to say they would use multifactor
but not without security
concerns As for the current use of biometric authentication, authentication for improved security
differences emerged between US, EU and APAC (70 percent more likely, versus
The age gap around respondents, highlighting the effect of cultural 73 percent in APAC and 80 percent
passwords influences on how users perceive and use different in the US).
means to authenticate their online identities.
Around the world: Cultural
perspectives vary
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9

Takeaways: The future of


authentication

About IBM Security

About the author

European respondents displayed concern for good


password practices, but were less likely to enable
multifactor authentication on their accounts.

16
◀ Previous Next ▶

Contents 100 94%


88% 87%
Introduction 80 78% 77%
65% 67%
61%
Survey at a glance 60 57%
45%
Security over 40%
40 34%
convenience
23%
20 13%
Biometrics are the future, 12%
6%
but not without security
0
concerns Knowledgeable about Comfortable using Interested in using Not using biometrics
bioauthentication biometrics today biometrics in the future now or in the future
The age gap around APAC EU US Global average
passwords
Figure 10. Knowledge and comfort with biometric authentication

Around the world: Cultural


perspectives vary When it comes to biometrics, APAC stood out as The comfort level with biometric authentication
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 the region with the highest knowledge, comfort and methods is growing in Europe as well, but US
current usage of biometrics (see Figure 10). This respondents remain less knowledgeable and more
Takeaways: The future of trend is unsurprising, given APAC respondents’ skeptical, and seem to prefer waiting before turning
authentication stronger inclination to adopt new technologies to biometrics for authentication purposes.
(see Figure 7), as well as novel use cases for
About IBM Security biometrics being piloted with consumers in APAC, The overall picture of biometrics use in the US
such as Alibaba launching “smile to pay” in KFC shows that it lags furthest behind on biometric
About the author restaurants in China. adoption—especially with about a quarter of
respondents saying they are not interested in using
biometrics now, or in the near future.

17
◀ Previous Next ▶

Contents Easier and more secure biometrics could make life easier by removing
When it comes to seeing biometrics as being both the need to remember additional passwords
Introduction easy to use and more secure, respondents in some (see Figure 11).
regions were more convinced than others.
Survey at a glance
It was not surprising to see that APAC respondents,
Over 70 percent of people in APAC
once again, are most inclined to perceive biometric
Security over said biometrics increase security and
authentication as the more convenient and secure
convenience protection of identity.
option. Respondents in APAC generally felt that
Biometrics are the future,
but not without security 80 75%
concerns 72%
68% 69% 68%
70 66% 66% 65%
63% 61% 62% 62% 62% 60%
60 57%
The age gap around 54%
passwords 50

40
Around the world: Cultural
perspectives vary 30
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 20

10
Takeaways: The future of
0
authentication Increased security Increased protection Not needing to remember Ease of
of identity passwords use/convenience
About IBM Security APAC EU US Global average

About the author Figure 11. Perceived benefits of biometric authentication

18
◀ Previous Next ▶

Contents EU respondents typically ranked the same 80 74%


parameters a few percentage points under the 70 68%
64% 66%
Introduction APAC respondents, and US respondents were
60
the least likely to see the benefits of biometric
50
Survey at a glance authentication, ranking 11 – 12 percentage points
under the APAC segment for each parameter. 40
Security over 30
convenience
No matter the preference, respondents in all 20
geographies agreed that authentication methods
Biometrics are the future, 10
but not without security
need to change to protect against data breaches
0
concerns (see Figure 12). APAC respondents were most How we log in and/or access sites/systems/apps needs
anxious to see improvement. to change to help protect people against data breaches

The age gap around APAC EU US


passwords Concern levels also influenced by geography
Figure 12. APAC users want to see authentication methods
As this survey reveals, the use of biometrics to improve to enhance security
Around the world: Cultural authenticate identity is influenced by culture and
perspectives vary technology adoption. Also, concerns over biometric
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9
authentication affect adoption rates—in particular
concerns over how biometric data is collected, Over 65 percent of people in APAC believe
Takeaways: The future of biometrics are easier to use than passwords.
stored, shared and may be compromised,
authentication
highlighting both security and privacy risks.
About IBM Security

About the author

US respondents were least likely to see the


benefits of biometric authentication.

19
◀ Previous Next ▶

Contents When it comes to the influence of location on


When it came to concerns about using concerns over some aspects of using biometric
Introduction biometrics, respondents worried more about authentication, those most knowledgeable about it
the risk of compromise than the technical were also the most concerned about the possibility
Survey at a glance challenges of getting set up (50 percent of biometric data being misused (see Figure
versus 37 percent). 13). APAC respondents ranked highest among
Security over the other regions in concern over use of fake or
convenience
spoofed biometric data to access their information.

Biometrics are the future, 60 58%


but not without security
concerns 50%
50 46%
45%
41%
The age gap around 40 36% 37%
passwords 33%
30

Around the world: Cultural


20
perspectives vary
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 10

Takeaways: The future of 0


Concerned about people using fake/spoofed Concerned that biometric authentication would
authentication
biometrics to access my information be hard to set up on my computer or device

APAC EU US Global average


About IBM Security
Figure 13. Concerns about biometrics – Geographical comparison versus global average
About the author

20
◀ Previous Next ▶

Contents 60 57%

50
Introduction 44% 42%
40
Survey at a glance
30 28%
Security over 23% 22%
19%
convenience 20
11% 12%
10
Biometrics are the future,
but not without security
0
concerns Major financial institution Major online shopping app Major social media app
or website or website
The age gap around APAC EU US
passwords
Figure 14. APAC users are most likely to trust their biometric data to major financial institutions

Around the world: Cultural


perspectives vary Although they did express concern, APAC
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 respondents still trust their providers to protect • Fifty-seven percent of APAC
biometric data (see Figure 14). US and EU respondents still trust their financial
Takeaways: The future of respondents were much less likely to trust their institution to protect their biometric
authentication biometric data to their service providers: data (versus 42 percent in the US and
44 percent in EU).
About IBM Security
• Twenty-eight percent of APAC
About the author respondents trust major online
shopping providers to do the same
(versus 19 percent in the US and 23
percent in EU), and 22 percent believe
social media sites can protect their
biometric data (versus 12 percent in the
US and 11 percent in EU).

21
◀ Previous Next ▶

Contents Takeaways: The future of Consumers are security-aware

Introduction
authentication Key takeaways from this IBM Security survey show
In view of the ever-escalating risk to our digital that respondents are already quite familiar with the
identities and constant enhancements in the tools different authentication schemes in use today. They
Survey at a glance
available to authenticate our identities online, are security-aware and understand the types of
developing more secure and strategic approaches data they consider most worth protection, even in
Security over
to authentication is a major priority across the the cases where they prefer convenience.
convenience
current business, services and security landscapes.
Biometrics are the future, Within the overall concept of turning to newer
but not without security To minimize illegitimate access while still authentication models and biometrics, respondents
concerns offering a full range of services to legitimate did prefer particular types of identifiers and had
customers, identity and access management less trust that others were as secure. Most people
The age gap around providers have long been looking for new ways leaned toward using a fingerprint—a comfort and
passwords familiarity level that stems from its prominence
to enhance the security and user experience of
identity authentication. But managing risk is only in the marketplace and its integration into both
Around the world: Cultural
one of aspect of the ongoing race to improve Android and iPhone smartphones in recent years.
perspectives vary
authentication—user preferences, habits and
Takeaways: The future of
attitudes will weigh heavily on the actual adoption
authentication and use of new authentication platforms.
1 • 2 • 3 • 4

About IBM Security

About the author

User preferences, habits and attitudes will


largely determine which authentication
platforms will succeed in the marketplace.

22
◀ Previous Next ▶

Contents Biometrics on the horizon one-time passwords or biometrics when signing


What will the future of authentication look like in the into workplace services, businesses can reach
Introduction next few years? It is not hard to see that users are a higher level of confidence that they’re working
getting more familiar with and warming up to the to keep hackers out—although they often risking
Survey at a glance frustrating their users in the process.
idea of trying biometrics in the near future.

Security over For organizations that offer digital services to


Information technology decision makers have
convenience
perhaps the highest level of investment in consumers, forcing a user’s hand (or fingerprint)
society’s adoption of safer authentication, as when it comes to signing in can result in lost
Biometrics are the future,
but not without security their organizations stand to lose most from the revenue. That’s most likely why these security
concerns poor password practices of their employees and options are being presented to consumers as
customers. By mandating that employees adopt an added convenience, or under the badge of
The age gap around authentication mechanisms like hardware tokens, progress and innovation from their service provider.
passwords

Around the world: Cultural


perspectives vary

Takeaways: The future of


authentication
1 • 2 • 3 • 4

About IBM Security

About the author

Enhancing security while, at the same time, making identity authentication


a positive user experience is the challenge facing organizations today.
Learn how to balance security and convenience with "silent IAM."

23
◀ Previous Next ▶

Contents Offering choice is key to adoption Investing in access management technology that
Results of the survey show that people will allows administrators to give their users flexibility
Introduction adopt the authentication methods that best fit can also help organizations remain more secure
their personal preferences, which are influenced while giving employees a feeling of empowerment
Survey at a glance and control over how they choose to authenticate.
by factors like age and culture. Organizations
and service providers can use this knowledge
Security over Consider a risk-based approach
to manage authentication risks as their users
convenience
get more comfortable with multifactor and even Another way to enhance security is through
biometric authentication. Providing users with a the adoption of risk-based approaches to
Biometrics are the future,
but not without security choice between multiple different authentication authentication. Our research shows that younger
concerns options when they log on to services or workplace generations are less likely to adopt strong
applications is likely to result in better adoption of passwords and more likely to reuse passwords
The age gap around multifactor authentication across the board, and across multiple sites and services. While these
passwords potentially even better security if different users behaviors are proven to expose users to hacking
choose methods that hackers would have a hard and phishing attempts, organizations can still
Around the world: Cultural time guessing or obtaining in mass quantities. protect against fraudulent access attempts—even
perspectives vary
when credentials are stolen—by adopting risk-
based authentication.
Takeaways: The future of
authentication
1 • 2 • 3 • 4

About IBM Security

About the author

Adopting a risk-based approach to authentication


can help organizations overcome the poor password
practices of younger generations. Learn how.

24
◀ Previous Next ▶

Contents With risk-based authentication, authentication or leave users to make their own decisions and
attempts are automatically evaluated based on treat identity-related threats as acceptable risks?
Introduction contextual data and behavioral cues determined Being offered different access control choices
by administrators. When risk scores are elevated, can certainly encourage more users to adhere to
Survey at a glance the system can prompt the user to prove that they better security.
are who they say they are via an additional factor,
Security over which could be a biometric or another mechanism But while IT can influence the movement to a more
convenience
of choice. secure world, the future of authentication ultimately
comes down to whether or not individual users
Biometrics are the future,
Offering choice is key to adoption choose to employ secure practices.
but not without security
concerns As users continue to adapt their authentication
habits to the latest advancements in technology, Future research on global adoption patterns of
The age gap around service providers and IT decision makers will play authentication technology—especially in academic,
passwords a critical role in influencing the adoption curve— observed settings—is essential to measuring
whether in the workplace or through consumer- progress and building secure technology that’s
Around the world: Cultural facing technologies. Will they mandate stronger pragmatic and user centric.
perspectives vary
authentication methods, provide users with options,

Takeaways: The future of


authentication
1 • 2 • 3 • 4

About IBM Security

About the author

Service providers and IT decision makers will certainly


influence the adoption of new authentication methods—but
acceptance in the end will come down to individual users.

25
◀ Previous Next ▶

Contents About IBM Security About the author


IBM® Security offers one of the most advanced Limor Kessem, Executive
Introduction
and integrated portfolios of enterprise security Security Advisor, is one of the
Survey at a glance products and services. The portfolio, supported top cyber intelligence experts at
by world-renowned IBM X-Force® research, IBM Security. She is a seasoned
Security over provides security intelligence to help organizations security advocate, public speaker
convenience holistically protect their infrastructures, data and a regular blogger on the cutting-edge IBM
and applications, offering solutions for identity Security Intelligence blog.
Biometrics are the future, and access management, database security,
but not without security application development, risk management, Limor is considered an authority on emerging
concerns endpoint management, network security and more. cybercrime threats. She participated as a highly-
IBM operates one of the world’s broadest security appreciated speaker on live InfraGard New York
The age gap around research, development and delivery organizations, webcasts (an FBI collaboration), conducts live
passwords
monitors billions of security events per day in more webinars on all things fraud and cybercrime,
than 130 countries, and holds more than 3,500 and writes a large variety of threat intelligence
Around the world: Cultural
perspectives vary security patents. publications. With her unique position at the
intersection of multiple research teams at
IBM, and her fingers on the pulse of current day
Takeaways: The future of For more information
authentication threats, Limor covers the full spectrum of trends
To learn more about the IBM Security portfolio,
affecting consumers, corporations and the
please contact your IBM representative or IBM
About IBM Security industry as a whole.
Business Partner, or visit:
ibm.com/security
About the author Contributors
For more information on IBM Security solutions for Cassy Lalan, External Relations, IBM Security
identity and access management, visit: Lane Billings, Product Marketing Manager, Access
ibm.com/security/identity-access-management and Authentication, IBM Security

Follow @IBMSecurity on Twitter or visit the IBM Brian Mulligan, Product Manager, Access and
Security Intelligence blog Authentication, IBM Security

26
◀ Previous Next ▶

Contents © Copyright IBM Corporation 2018

IBM Security
Introduction
75 Binney Street
Cambridge MA 02142
Survey at a glance
Produced in the United States of America
Security over January 2018
convenience IBM, the IBM logo, ibm.com and X-Force are trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies.
Biometrics are the future, A current list of IBM trademarks is available on the web at “Copyright and trademark information” at
but not without security ibm.com/legal/copytrade.shtml
concerns
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all
offerings are available in every country in which IBM operates.
The age gap around
passwords THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
Around the world: Cultural PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted
perspectives vary according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide
Takeaways: The future of legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any
authentication law or regulation.

About IBM Security Statement of Good Security Practices: IT system security involves protecting systems and information through
prevention, detection and response to improper access from within and outside your enterprise. Improper access
can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse
About the author
of your systems, including for use in attacks on others. No IT system or product should be considered completely
secure and no single product, service or security measure can be completely effective in preventing improper use or
access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach,
which will necessarily involve additional operational procedures, and may require other systems, products or
services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE
IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT
OF ANY PARTY.

22012422-USEN-01

Вам также может понравиться