IBM Security has released a global study examining consumer perspectives around digital identity and authentication, which found that people now prioritize security over convenience when logging into applications and devices. Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.
With millennials quickly becoming the largest generation in today’s workforce,, these trends may impact how employers and technology providers provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.
The IBM Security: Future of Identity Study surveyed nearly 4,000 adults from across the U.S., Asia Pacific (APAC) and Europe to gain insight into consumer viewpoints around authentication. Some key findings from consumers include:
- Security outweighs convenience: People ranked security as the highest priority for logging in to the majority of applications, particularly when it came to money-related apps.
- Biometrics becoming mainstream: 67% are comfortable using biometric authentication today, while 87% say they’ll be comfortable with these technologies in the future.
- Millennials moving beyond passwords: While 75% of millennials are comfortable using biometrics today, less than half of are using complex passwords, and 41% reuse passwords. Older generations showed more care with password creation, but were less inclined to adopt biometrics and multifactor authentication.
- APAC leading charge on biometrics: Respondents in APAC were the most knowledgeable and comfortable with biometric authentication, while the U.S. lagged furthest behind in these categories
The evolving threat and technology landscape have created widely-known challenges with traditional log-in methods that rely heavily on passwords and personal information to authenticate our identities online. In 2017, data breaches exposed personal information, passwords, and even social security numbers for millions of consumers. Additionally, the average internet user in America is managing over 150 online accounts which require a password, which is expected to rise to over 300 accounts in coming years. “In view of the multiple cyber theft and breach scenarios, our personal identification data is no longer fully secure. As consumers realise that passwords may not suffice to fully secure data and prioritise security over convenience, the time is ripe to adopt advanced and multi-layer security strategy”, said Kartik Shahani, Integrated Security Leader, IBM India & South Asia
Future of Identity
Analysis in the report by IBM Security details that attitudes regarding authentication vary widely, and while acceptance of newer forms of authentication like biometrics is growing, concerns persist – particularly amongst older generations and people in the U.S.
IBM advises organizations to adapt to these preference by taking advantage of identity platforms that provide users with choices between multiple authentication options – for example, letting users toggle between a mobile push-notification which invokes fingerprint readers on their phone, or a one-time passcode. Organizations can also balance demands for security and convenience by using risk-based approaches that trigger additional authentication checkpoints in certain scenarios, such as when behavioral cues or connection attributions (device, location, IP address) signal abnormal activity.
The data also reveals that younger generations are placing less emphasis on traditional password hygiene, which poses a challenge for employers and businesses that manage millennial users’ access to data via passwords. As millennial and Gen Z employees begin to dominate the workforce, organizations and businesses can adapt to younger generations’ proclivity for new technology by allowing for increased use of mobile devices as the primary authentication factor, and integrating approaches that substitute biometric methods or tokens in place of passwords.