Leak after leak has demonstrated that passwords are perhaps the weakest part of our digital security infrastructure. Users create weak passwords, companies do not maintain good infrastructure, hacking tools grow increasingly sophisticated and our password system continue to look like a relic. A white paper from Gigya analyzes where we might go from here.
Users are still largely engaged in sloppy practices. 8 percent of millennials, 6 percent of Generation X and 4 percent of baby boomers use the same password across all accounts–only 16 percent of users surveyed follow the best practice of a unique password for each account.
25 percent of all respondents had an account compromised in the last 12 months. Additionally, 35 percent of millennials have had accounts compromised, which is a direct reflection of their low participation rates in best practices; about one-half only use two to four unique passwords across multiple accounts.
The user name/password system is also causing users to disengage from services entirely. 32 percent abandon account creation processes because the password they were asked to create required too much complexity. 55 percent abandon login pages because they forgot passwords, user names or security question answers, and 59 percent of average consumers forget a password up to five times a year.
Users are ready for something new entirely. 52 percent said they would use other authentication systems if they were available to them. Millennials are already on board with biometric options: 48 percent have used fingerprint scanners, 15 percent have used voice recognition, 11 percent have used facial recognition and 5 percent have even used iris scans.
66 percent of millennials, 48 percent of Gen-x and 30 percent of baby boomers say they own at least one biometrically enabled device, but Gigya points out that as long as a device has a microphone or a camera, it’s biometrically enabled. 80 percent of respondents that stated an opinion believed that biometric authentication is safer than traditional registration.
While some have prophesied the death of passwords for years, we don’t seem to be quite there yet. Passwords and user names are still the go-to method for securing accounts. Social logins could provide an opportunity for users to connect securely to a new site or service without going through the full account creation process. A combination of biometrics, centralized login details and perhaps technology we haven’t seen yet, will likely form the core of our new security infrastructure–provided that everyone is willing to give up the clunky yet resilient password system that we seem to be stuck with.