Академический Документы
Профессиональный Документы
Культура Документы
Identity Study
Consumer perspectives on authentication:
Moving beyond the password
In the past six years, USD 112 billion has been stolen through identity fraud,
equating to USD 35,600 lost every minute.
2
◀ Previous Next ▶
3
◀ Previous Next ▶
4
◀ Previous Next ▶
5
◀ Previous Next ▶
Contents This is particularly alarming in light of the fact Results showing a penchant for speed and
that nowadays, many consumers opt to use convenience shed light on a growing interest in
Introduction their Facebook, Twitter and Google accounts biometrics that can provide an added layer of
to authenticate and access other applications security without burdening the user. A fingerprint,
Survey at a glance and services. Many popular services that house which is the most popular biometric, is rather
sensitive information, like delivery services, online unique, does not require memorizing, can’t be
Security over shopping and dating apps, encourage users to log kept on a piece of paper or shared like a
convenience in using their social accounts. Therefore, if one of password or forgotten, and—most of all—it’s
1 • 2
these social/email accounts is compromised, there both fast and convenient.
could be a domino effect on how many additional
Biometrics are the future,
but not without security accounts may also fall into the attacker’s hands.
concerns
80 76%
71%
The age gap around 70
63%
passwords
60 54%
50%
50 46%
Around the world: Cultural
perspectives vary 40 34% 36%
32% 30% 31% 30%
30
23%
Takeaways: The future of 20%
20 16% 17% 19%
authentication 14% 13% 13%
11%
10
About IBM Security 0
Bank apps Investing app Budgeting app Online Workplace app Email app Social media
marketplace app
About the author
Security Privacy Convenience
Figure 1. App or account types respondents cared most to protect (global perspective)
6
◀ Previous Next ▶
Survey at a glance
Of the top most-secure elements, as perceived by
respondents, fingerprint ranked first by 44 percent,
67% comfortable using biometric
authentication today.
retinal scan ranked second (30 percent), and
Security over alphanumeric passwords ranked third (27 percent)
of respondents would
convenience (see Figure 2). Digital PINs and facial recognition
consider using different
Biometrics are the future,
tied for 12 percent. 87% types of biometric
but not without security
authentication in the future.
Interestingly, while fingerprint ranked first, full
concerns handprint only reached sixth position with 10
1 • 2 • 3
percent of respondents perceiving it to be a secure
authentication. The audible methods, such as voice
The age gap around
passwords or heartbeat recognition, were last on the list.
Handprint 10%
About the author
Voice recognition 6%
Heartbeat recognition 4%
7
◀ Previous Next ▶
Contents Biometrics are becoming more popular than ever, When it came to their concerns over the use of
but privacy concerns over how they are stored biometrics as an authentication method, users also
Introduction and secured persist. Because biometric data can worried about how biometrics might be stored and
be used to identify an individual beyond doubt, the potential for compromise. While trust levels
Survey at a glance consequences of compromise are grave. about securing biometrics were relatively high in
some regions, one quarter of survey respondents
Security over Findings regarding people’s biggest concerns with do not trust any organization to protect their
convenience
biometric authentication were not very surprising biometric data (see Figure 4).
and matched with trending issues reported in
Biometrics are the future,
the media (see Figure 3). Those concerns are
but not without security People’s biggest concerns with biometric
concerns security and privacy, more so than ease of
use or functionality. authentication are privacy and security
1 • 2 • 3
(55 percent and 50 percent respectively).
The age gap around
passwords
I’m concerned about how 55%
data collection is used
Security
8
◀ Previous Next ▶
Contents
Forty-four percent of respondents view Trusting organizations to keep biometric data
Introduction fingerprint biometrics as the most secure varied greatly by industry, with banking
secure method of authentication, while leading as the most trusted. Forty-eight percent of
Survey at a glance alphanumeric passwords and digital PINs people would trust a major financial institution the
were seen as less secure (27 percent and 12 most with their biometric data, while only 15 percent
Security over would trust that data to major social media sites.
percent respectively).
convenience
50 48%
Around the world: Cultural
perspectives vary
40
Takeaways: The future of
authentication 29%
30
25%
23%
About IBM Security 19%
20
16% 15%
1%
0
tio l
tio l
sit l
id h
id l
er
sit e
ov f
itu cia
ov na
itu ia
ia cia
ab o
ov alt
ng lin
th
st nc
e ne
n
e
er
er
e
pr gio
st n
pi on
ed o
pr e
O
in fina
in fina
m jor s
e /h
th No
re re
op or
nc re
ca al/
sh aj
r
or
a
ra ca
le
M
M
th c
aj
al
su lth
al Lo
M
Sm
in ea
rh
ajo
he
M
Figure 4. Types of organizations people trust MOST to protect their biometric data (global perspective)
9
◀ Previous Next ▶
10
0
18-24 25-34 35-44 45-54 55+
Complex password (e.g. with different capitalization or characters, mix of numbers and letters)
Recurring password (the same password you use in other places)
Contents Password reuse is known as a risky practice that Generational differences also showed striking
can enable compromise across multiple accounts, variances in terms of attitude toward security
Introduction even if just one password has been exposed. (see Figure 6). When given the choice between
saving time and employing a more secure form of
Survey at a glance authentication, people under the age of 34 were
Seventy-five percent of millennials are
most likely to prefer a speedy experience to a more
Security over comfortable using biometrics today,
secure way to authenticate, if it were shown to save
convenience versus only 58 percent of those over age 55.
them one to ten seconds. The older generation was
not likely to ever make the same tradeoff.
Biometrics are the future,
but not without security
concerns Convenience versus security varies by age
100
11
◀ Previous Next ▶
Contents With those findings in mind, it is not surprising like enabling two-factor authentication, or ceasing
that younger generations would opt to use to use an app or service entirely if their data was
Introduction authentication that saved them time. The survey compromised by that provider.
found that younger generations already have
Survey at a glance experience with, and have used, biometrics in the The survey found that millennials were more likely
past, while older generations were much less likely to take the following actions in wake of a breach:
Security over to say the same.
convenience
• Enable two-factor authentication (32 percent
versus 28 percent of the general population)
Biometrics are the future,
According to the survey, 36 percent of • Stop using an app or service that was affected
but not without security
concerns those ages 18 – 20 say they use password (25 percent versus 21 percent of the general
managers to keep passwords and avoid population), moving to a competitor’s service
The age gap around having to memorize them, compared
passwords to only 26 percent of users in the As younger generations are more likely to take
1 • 2 • 3 general population. action to secure their accounts after a breach
has taken place, they may expect more inherent
Around the world: Cultural security from their providers, and therefore place
perspectives vary less emphasis on personal password hygiene in
Younger generations take action in the wake
of a breach the first place.
Takeaways: The future of
authentication What influences users of different generations
to make changes to their authentication habits? Additionally, the survey revealed that younger
While younger generations were shown to be less generations are more likely to use a password
About IBM Security
concerned about password security in general, manager, a tool which assists in generating and
About the author our results showed that they were more likely to retrieving complex passwords.
make changes to their authentication habits in the
wake of a data breach—taking mitigating actions
12
◀ Previous Next ▶
Contents Around the world: Cultural The slower adoption of new technologies
(see Figure 7) may be part of the reason why
Introduction
perspectives vary
respondents in the US were the least familiar or
Technology and biometric adoption
comfortable with biometric authentication methods,
Survey at a glance Availability and culture influence the use of digital especially since those have been embedded
assets, technology and gadgets—and they affect into popular personal devices in recent years.
Security over the attitudes respondents have about securing The survey found that US respondents lagged
convenience devices and using different types of authentication. behind APAC and Europe in comfort and usage of
biometrics—and in fact, 23 percent of respondents
Biometrics are the future,
but not without security
in the US said they are not interested in using
concerns biometrics now, or in the near future (see Figure 10).
80 74%
The age gap around
passwords 70 66%
57% 59%
60
53%
Around the world: Cultural 50 47%
perspectives vary 42% 40%
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 40
30%
30
Takeaways: The future of 20
authentication
10
13
◀ Previous Next ▶
14
◀ Previous Next ▶
Contents Knowing about the occurrence of major breaches multifactor authentication, but not as many would
but believing they can be avoided seems to opt for biometric authentication as a means to add
Introduction translate into US respondents’ willingness to use a layer of security (see Figure 9).
more security. In that sense, they would opt for
Survey at a glance
80%
80
Security over 73%
70%
convenience 70
60
Biometrics are the future,
but not without security 50 46% 46%
43%
concerns 39%
40 35%
29%
The age gap around 30
passwords 20
10
Around the world: Cultural
perspectives vary 0
Would use multifactor Would use multifactor authentication Currently use fingerprints to
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 authentication for added security if the site/system/app I was using unlock my smartphone
flagged my activity as irregular/abnormal
Takeaways: The future of APAC EU US
authentication
Figure 9. US respondents would use multifactor authentication but won’t necessarily opt for biometrics
About IBM Security
15
◀ Previous Next ▶
16
◀ Previous Next ▶
17
◀ Previous Next ▶
Contents Easier and more secure biometrics could make life easier by removing
When it comes to seeing biometrics as being both the need to remember additional passwords
Introduction easy to use and more secure, respondents in some (see Figure 11).
regions were more convinced than others.
Survey at a glance
It was not surprising to see that APAC respondents,
Over 70 percent of people in APAC
once again, are most inclined to perceive biometric
Security over said biometrics increase security and
authentication as the more convenient and secure
convenience protection of identity.
option. Respondents in APAC generally felt that
Biometrics are the future,
but not without security 80 75%
concerns 72%
68% 69% 68%
70 66% 66% 65%
63% 61% 62% 62% 62% 60%
60 57%
The age gap around 54%
passwords 50
40
Around the world: Cultural
perspectives vary 30
1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 20
10
Takeaways: The future of
0
authentication Increased security Increased protection Not needing to remember Ease of
of identity passwords use/convenience
About IBM Security APAC EU US Global average
18
◀ Previous Next ▶
19
◀ Previous Next ▶
20
◀ Previous Next ▶
Contents 60 57%
50
Introduction 44% 42%
40
Survey at a glance
30 28%
Security over 23% 22%
19%
convenience 20
11% 12%
10
Biometrics are the future,
but not without security
0
concerns Major financial institution Major online shopping app Major social media app
or website or website
The age gap around APAC EU US
passwords
Figure 14. APAC users are most likely to trust their biometric data to major financial institutions
21
◀ Previous Next ▶
Introduction
authentication Key takeaways from this IBM Security survey show
In view of the ever-escalating risk to our digital that respondents are already quite familiar with the
identities and constant enhancements in the tools different authentication schemes in use today. They
Survey at a glance
available to authenticate our identities online, are security-aware and understand the types of
developing more secure and strategic approaches data they consider most worth protection, even in
Security over
to authentication is a major priority across the the cases where they prefer convenience.
convenience
current business, services and security landscapes.
Biometrics are the future, Within the overall concept of turning to newer
but not without security To minimize illegitimate access while still authentication models and biometrics, respondents
concerns offering a full range of services to legitimate did prefer particular types of identifiers and had
customers, identity and access management less trust that others were as secure. Most people
The age gap around providers have long been looking for new ways leaned toward using a fingerprint—a comfort and
passwords familiarity level that stems from its prominence
to enhance the security and user experience of
identity authentication. But managing risk is only in the marketplace and its integration into both
Around the world: Cultural
one of aspect of the ongoing race to improve Android and iPhone smartphones in recent years.
perspectives vary
authentication—user preferences, habits and
Takeaways: The future of
attitudes will weigh heavily on the actual adoption
authentication and use of new authentication platforms.
1 • 2 • 3 • 4
22
◀ Previous Next ▶
23
◀ Previous Next ▶
Contents Offering choice is key to adoption Investing in access management technology that
Results of the survey show that people will allows administrators to give their users flexibility
Introduction adopt the authentication methods that best fit can also help organizations remain more secure
their personal preferences, which are influenced while giving employees a feeling of empowerment
Survey at a glance and control over how they choose to authenticate.
by factors like age and culture. Organizations
and service providers can use this knowledge
Security over Consider a risk-based approach
to manage authentication risks as their users
convenience
get more comfortable with multifactor and even Another way to enhance security is through
biometric authentication. Providing users with a the adoption of risk-based approaches to
Biometrics are the future,
but not without security choice between multiple different authentication authentication. Our research shows that younger
concerns options when they log on to services or workplace generations are less likely to adopt strong
applications is likely to result in better adoption of passwords and more likely to reuse passwords
The age gap around multifactor authentication across the board, and across multiple sites and services. While these
passwords potentially even better security if different users behaviors are proven to expose users to hacking
choose methods that hackers would have a hard and phishing attempts, organizations can still
Around the world: Cultural time guessing or obtaining in mass quantities. protect against fraudulent access attempts—even
perspectives vary
when credentials are stolen—by adopting risk-
based authentication.
Takeaways: The future of
authentication
1 • 2 • 3 • 4
24
◀ Previous Next ▶
Contents With risk-based authentication, authentication or leave users to make their own decisions and
attempts are automatically evaluated based on treat identity-related threats as acceptable risks?
Introduction contextual data and behavioral cues determined Being offered different access control choices
by administrators. When risk scores are elevated, can certainly encourage more users to adhere to
Survey at a glance the system can prompt the user to prove that they better security.
are who they say they are via an additional factor,
Security over which could be a biometric or another mechanism But while IT can influence the movement to a more
convenience
of choice. secure world, the future of authentication ultimately
comes down to whether or not individual users
Biometrics are the future,
Offering choice is key to adoption choose to employ secure practices.
but not without security
concerns As users continue to adapt their authentication
habits to the latest advancements in technology, Future research on global adoption patterns of
The age gap around service providers and IT decision makers will play authentication technology—especially in academic,
passwords a critical role in influencing the adoption curve— observed settings—is essential to measuring
whether in the workplace or through consumer- progress and building secure technology that’s
Around the world: Cultural facing technologies. Will they mandate stronger pragmatic and user centric.
perspectives vary
authentication methods, provide users with options,
25
◀ Previous Next ▶
Follow @IBMSecurity on Twitter or visit the IBM Brian Mulligan, Product Manager, Access and
Security Intelligence blog Authentication, IBM Security
26
◀ Previous Next ▶
IBM Security
Introduction
75 Binney Street
Cambridge MA 02142
Survey at a glance
Produced in the United States of America
Security over January 2018
convenience IBM, the IBM logo, ibm.com and X-Force are trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies.
Biometrics are the future, A current list of IBM trademarks is available on the web at “Copyright and trademark information” at
but not without security ibm.com/legal/copytrade.shtml
concerns
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all
offerings are available in every country in which IBM operates.
The age gap around
passwords THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
Around the world: Cultural PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted
perspectives vary according to the terms and conditions of the agreements under which they are provided.
The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide
Takeaways: The future of legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any
authentication law or regulation.
About IBM Security Statement of Good Security Practices: IT system security involves protecting systems and information through
prevention, detection and response to improper access from within and outside your enterprise. Improper access
can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse
About the author
of your systems, including for use in attacks on others. No IT system or product should be considered completely
secure and no single product, service or security measure can be completely effective in preventing improper use or
access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach,
which will necessarily involve additional operational procedures, and may require other systems, products or
services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE
IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT
OF ANY PARTY.
22012422-USEN-01