Consumers want to ditch passwords, but biometrics isn’t a slam-dunk: Report
Consumer frustration with passwords is nearing a peak, with average users currently registered via password to more than 90 online accounts, and one in four consumers forgetting at least one password daily, according to a new study from Mastercard.
Not surprisingly, more than 90% of consumers are eager to replace passwords with biometric authentication methods—primarily fingerprints and facial recognition.
As passwords to access apps multiply, consumers become more careless. More than half of passwords are reused elsewhere by consumers, and about 80% of typical passwords can be cracked within three days, according to Mastercard’s study, which it released Tuesday in conjunction with the U.K.’s University of Oxford computer science department.
Consumers who’ve tried biometric authentication overwhelmingly prefer these methods to passwords, with 92% of consumers in Mastercard’s study saying they think biometric authentication is more convenient than using passwords, while 83% say biometrics are more secure. The researchers gathered data from more than 1,200 consumers in Europe in 2015.
But financial institutions will likely face headaches implementing biometrics, particularly when it comes to new interoperability and security issues, Mastercard suggested in its report.
Consumers will expect their biometric data to be supported across a range of devices and work with different use cases and methods. Combined with questions about how to encrypt biometric templates and where to store them for interoperability, financial institutions will likely face growing concerns over security and privacy.
Most alarmingly, 75 financial services industry executives surveyed for the study in the U.S. and Europe in August 2016 seemed to exhibit a naïve optimism about biometric payments, the study suggested.
Nearly all respondents (96%) with no direct experience using biometric systems said they believe biometrics will improve mobile banking and payments, but only 61% of those who have already worked with biometrics shared that belief.
The survey suggested there may be controversy within organizations about whether to require two-factor authentication. Most executives in technical positions, 67%, agreed with the need for second factor for authentication, while only 35% of executives on the business side thought two-factor authentication was necessary.
Nevertheless, the majority of executives surveyed expect their companies to start deploying biometric systems within two years.
The researchers concluded that financial services providers planning to adopt biometric authentication methods for payments should focus on creating frictionless, yet secure biometric solutions using multi-layered solutions.
The user experience of a solid biometrics system should convey trust and security, while being easy enough for technophobes to navigate, the researchers wrote.
Biometric solutions should be designed to work across a range of devices, use cases and methods, and security can be minimized by encrypting biometric templates and ensuring they never leave the user’s device, they suggested.
Finally, solutions should address consumer privacy, using the latest technologies to preserve confidentiality and anonymity, even within an authentication system, the researchers noted.