• United States



by John P. Mello, Jr.

Failed authentication frequently thwarts online shoppers

Apr 18, 20133 mins
Access ControlIdentity Management SolutionsPasswords

Half of consumers frequently thwarted by online credential systems, including forgotten passwords and confirmation questions

About half of online shoppers are “very frequently” or “frequently” prevented from buying online good and services because they can’t get their credentials to work at business websites, a study released Wednesday has found.

Most of those authentication failures are due to forgotten passwords, user names or answers to confirmation questions, such as “What was your mother’s maiden name?”

Less than half of the nearly 2,000 consumers in the United States, United Kingdom and Germany participating in the survey conducted by the Ponemon Institute and sponsored by Nok Nok Labs attributed their inability to conduct business at a website to glitches or inaccuracies within website systems or identity verification procedures.

“It comes as no surprise that we continue to see an increase in dissatisfaction from consumers when it comes to traditional authentication schemes involving usernames and passwords,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.

“The good news is that there is a new sense of willingness to try emerging technologies and more complex identity verification systems to fix this broken system,” he added.

The researchers also found consumers amenable to biometric authentication as a means to access services provided by banks, credit card companies, health care providers and others.

More than a third of Americans (34 percent) approved of a trusted organization using biometrics to authenticate customers. Those percentages were even higher in the UK (41 percent) and Germany (45 percent).

An important caveat in that acceptance, however, is that biometric data gathered by an organization not be accessible to it.

[Also see: Reseachers turn thoughts into passwords]

A surprising aspect of the survey was the technology savvy shown by those participating in the polling, observed Nok Nok Labs CEO Phil Dunkelberger. “Across the three regions, the consumer knowledge of biometrics and other forms of authentication was surprising,” he said in an interview.

“It’s interesting that consumers are showing a willingness to try biometrics,” he said. “Five to seven years ago, they wouldn’t even know what a biometric factor was.”

Researcher also found that more than half the consumers (60 percent) favored a single identity credential for multiple identification purposes.

As frustrating as passwords and user names are to consumers, they’re likely to be around for some time to come. “They aren’t going to go away any time soon,” said Aleksandr Yampolskiy, CTO of Cinchcast.

That’s because they’re still the easiest form of authentication for e-commerce and other websites. “Those sites want to make it as easy as possible for people to log in and shop,” Yampolskiy said.

There also just doesn’t seem to be viable substitute yet for a password that has gained any traction in the market, contended Les Hazlewood, CTO of Stormpath..

“The password is still king,” Hazlewood told CSO. “Until some other multi-factor authentication, like a debit card, can be used for online interaction, almost every single technology that’s been invented has not been as widely adopted by the average consumer as the password.”

However, businesses have made some headway in authentication in recent times. “In the last couple of years, we’ve seen a lot stronger acceptance of multi-factor authentication,” Hazlewood noted.

“But the reason that works in the corporate environment is because you have top-down management that forces it on everyone in the company,” he said. “That pressure doesn’t exist in the consumer world, so you’re not seeing adoption of that kind of technology there.”