Survey Reveals 52 Percent of Consumers Want Biometrics and Other Modern Authentication Methods Over Traditional Passwords

By   Information Security Buzz Editorial Staff
Chief Editor , Information Security Buzz | May 25, 2016 10:00 pm PST

Security Breaches, Poor Password Habits and Frustrating Customer Experiences Drive Businesses to Prepare for the Death of the Password

Gigya, the leader in Customer Identity Management, today validates why “Businesses Should Begin Preparing for the Death of the Password” based on results of its survey of 4,000 consumers in the U.S. and the U.K. From baby boomers to millennials, 52 percent of consumers would choose anything but a traditional username and password account registration when given the option.

Businesses that want to thrive are rapidly adopting secure, modern password alternatives, such as the following: social-network authentication that enables consumers to use their Facebook or other social-network credentials as their logins; two-factor authentication, which couples traditional usernames and passwords with a personal security question or verification code sent via text message; and biometric authentication, such as fingerprint scanning, voice recognition, facial recognition or iris scanning technology.

Key overall survey findings include:

  • More than half (52 percent) of all respondents prefer to log into online accounts using modern authentication methods that are more secure than traditional usernames and passwords, including 29 percent that prefer using two-factor authentication and 20 percent that prefer biometric authentication.
  • Eighty percent of consumers who expressed a preference believe biometric authentication is more secure than traditional usernames and passwords.
  • Only 16 percent of respondents follow password best practices with a unique password for each online account. Six percent use the same password for all accounts and 63 percent use seven or fewer passwords across all their online accounts.
  • More than one quarter (26 percent) of all respondents have had at least one online account compromised in the past 12 months. When segmented by generation, 35 percent of millennials, 28 percent of Generation Xers and 18 percent of baby boomers reported having online accounts compromised.
  • Only 33 percent of millennials create secure passwords for everything. The rest use passwords like “password,” “1234,” their names or birthdays. In contrast, 42 percent of Generation Xers and 53 percent of baby boomers always create secure passwords.
  • Sixty-eight percent abandon the creation of an online account due to complex password requirements, while 55 percent abandon a login page because they forgot their passwords or answered a security question incorrectly.

Security Breaches and Bad Password Habits Prompt Need for New Authentication Methods

Traditional passwords are currently widely used but poised to become obsolete in the next 10 years. Security risk is a top factor driving consumers’ identity authentication preferences since 26 percent of respondents overall have had an online account compromised in the past 12 months. For millennials, that security-breach number jumps to 35 percent, most likely because survey data shows they have the worst habits for creating traditional passwords. Identity authentication is a critical point of differentiation because consumers increasingly expect businesses to maintain high levels of security and data privacy while delivering a superior customer experience, including convenience and personalization.

Traditional Password-Based Authentication Causes Frustration and Erodes Customer Relationships

In addition to security risks posed by traditional password authentication, businesses lose one-on-one customer engagement opportunities when registrations are inconvenient. Insecure passwords leave consumers at risk of phishing and fraud, but businesses that address this with complex password requirements negatively impact customer experience. Millennials show the least amount of patience for setting up an online account with 38 percent abandoning an online registration page when password requirements are too strict. Their Generation X and baby boomer counterparts are not much more tolerant, with 33 percent and 27 percent abandonment rates, respectively. Even when consumers have created online accounts, 55 percent of respondents admit to abandoning a login due to a forgotten password, indicating businesses can potentially double visitors’ login rates by offering alternative forms of authentication.

Businesses Must Modernize Authentication Methods or Suffer the Consequences

Millennials — more than other generations — embrace advanced authentication methods that present a simpler way to log in while maintaining a high level of security. Nearly one-half of millennial respondents use one or more forms of biometric authentication, such as fingerprint scanning technology (38 percent), voice recognition (15 percent), facial recognition (11 percent) or iris scanning (5 percent). Millennials also report that at least one of the applications they’ve downloaded offer some form of biometric authentication, which is consistent with Juniper Research’s estimates that more than 770 million biometric-enabled applications will be downloaded each year by 2019, as compared with 6 million in 2015.

“Within the next 10 years, traditional passwords will be dead as an authentication form,” said Patrick Salyer, CEO of Gigya. “Consumer-focused brands require modern customer identity management infrastructures that support newer, more secure authentication methods, such as biometrics. Businesses that are already using advanced authentication methods demonstrate increased customer registration and engagement while enjoying greater login convenience and security.”

This survey was conducted by in February 2016. It queried 2,000 U.S. adults and 2,000 U.K. adults between the ages of 18 and 69 that access the internet and have online accounts.

[su_box title=”About Gigya” style=”noise” box_color=”#336588″][short_info id=’69591′ desc=”true” all=”false”][/su_box]