Those Pesky Passwords
Too many and too complicated to remember, passwords make users crazy and incur help desk expense. What should you do about it?
By Larry Ponemon
| If you said No, why not? Please check the top two answers only. | Freq. | Pct% |
|---|---|---|
| It is inconvenient for me to remember passwords. | 201 | 63% |
| Passwords are not necessary if the company has other ways of determining who I am. | 190 | 60% |
| I don't think using a password would increase my security. | 132 | 42% |
| I don't trust the company to keep my password private. | 77 | 24% |
| Total | 600 | |
Do not make passwords a regulatory requirement. At present, there is proposed federal legislation that would require some companies to mandate the use of passwords as part of their identity verification process. So we asked respondents how they feel about a requirement for mandatory passwords or PINs. Bar Chart 2 shows that 87 percent of respondents say no to the idea of a mandatory password requirement.
Give us a choice. We also attempted to determine how respondents view three different identity verification or authentication options, defined as follows:
- The company provides the consumer with a choice of a password or the use of three pieces of personal data to verify identity.
- The company makes it mandatory that the company uses a password to verify identity.
- The company makes it mandatory that it collects and uses three known facts to verify identity.
Bar Chart 3 shows that 69 percent of respondents choose option 1; that is, a choice of either a unique password or three separate pieces of information is most preferred.
The final item asked respondents if they believe that new governmental regulations should require companies to use passwords as a necessary condition for identity management. As shown in Table 6, only 12 percent of respondents stated yes. The remaining individuals were either unsure (38 percent) or stated no (50 percent).
| Do you think new governmental regulations are needed that make it a requirement for companies to verify your identity using a password? | Freq. | Pct% |
|---|---|---|
| Yes | 65 | 12% |
| No | 268 | 50% |
| Unsure | 205 | 38% |
| Total | 538 | 100% |
Concluding Thoughts
As our study seems to show, authentication using passwords is viewed as inconvenient and perhaps outdated. Based on the results from our study, I believe consumers are eager for companies to develop an identity management and authentication solution that has the necessary safeguards to protect them from identity theft but streamlines the process of gaining access to their personal accounts. Biometrics would seem to offer both the security and convenience companies and consumers are seeking.
For more information about Ponemon Institute's study, please contact us at research@ponemon.org.
Larry Ponemon is founder and chairman of Ponemon Institute. The Institute is dedicated to independent research and education that advances responsible information and privacy management practices in business and government.