Failed authentication frequently thwarts online shoppers

Half of consumers frequently thwarted by online credential systems, including forgotten passwords and confirmation questions

About half of online shoppers are "very frequently" or "frequently" prevented from buying online good and services because they can't get their credentials to work at business websites, a study released Wednesday has found.

Most of those authentication failures are due to forgotten passwords, user names or answers to confirmation questions, such as "What was your mother's maiden name?"

Less than half of the nearly 2,000 consumers in the United States, United Kingdom and Germany participating in the survey conducted by the Ponemon Institute and sponsored by Nok Nok Labs attributed their inability to conduct business at a website to glitches or inaccuracies within website systems or identity verification procedures.

"It comes as no surprise that we continue to see an increase in dissatisfaction from consumers when it comes to traditional authentication schemes involving usernames and passwords," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.

"The good news is that there is a new sense of willingness to try emerging technologies and more complex identity verification systems to fix this broken system," he added.

The researchers also found consumers amenable to biometric authentication as a means to access services provided by banks, credit card companies, health care providers and others.

More than a third of Americans (34 percent) approved of a trusted organization using biometrics to authenticate customers. Those percentages were even higher in the UK (41 percent) and Germany (45 percent).

An important caveat in that acceptance, however, is that biometric data gathered by an organization not be accessible to it.

A surprising aspect of the survey was the technology savvy shown by those participating in the polling, observed Nok Nok Labs CEO Phil Dunkelberger. "Across the three regions, the consumer knowledge of biometrics and other forms of authentication was surprising," he said in an interview.

"It's interesting that consumers are showing a willingness to try biometrics," he said. "Five to seven years ago, they wouldn't even know what a biometric factor was."

Researcher also found that more than half the consumers (60 percent) favored a single identity credential for multiple identification purposes.

As frustrating as passwords and user names are to consumers, they're likely to be around for some time to come. "They aren't going to go away any time soon," said Aleksandr Yampolskiy, CTO of Cinchcast.

That's because they're still the easiest form of authentication for e-commerce and other websites. "Those sites want to make it as easy as possible for people to log in and shop," Yampolskiy said.

There also just doesn't seem to be viable substitute yet for a password that has gained any traction in the market, contended Les Hazlewood, CTO of Stormpath.

"The password is still king," Hazlewood told CSO. "Until some other multi-factor authentication, like a debit card, can be used for online interaction, almost every single technology that's been invented has not been as widely adopted by the average consumer as the password."

However, businesses have made some headway in authentication in recent times. "In the last couple of years, we've seen a lot stronger acceptance of multi-factor authentication," Hazlewood noted.

"But the reason that works in the corporate environment is because you have top-down management that forces it on everyone in the company," he said. "That pressure doesn't exist in the consumer world, so you're not seeing adoption of that kind of technology there."

Join the CSO newsletter!

Error: Please check your email address.

Tags Nok Nok LabssecurityAccess control and authenticationPonemon InstituteStormpathCinchcast

More about CSO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello, Jr.

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts