Password-Based Authentication 'No Longer Capable of Meeting Modern Security Demands'

As many as 84% of people responding to a survey by mobile authentication platform provider LaunchKey would like to totally eliminate passwords in a world where a near majority have more than 10 passwords to manage.

The survey taken in the US in August 2015 also found that demands on users are exacerbated by the fact that such systems require them to change passwords frequently. LaunchKey's survey also highlighted disquiet about systems that require users to create passwords that do not fit the model of one they regularly use. Over two-thirds surveyed re-use passwords for multiple accounts while just over three-quarters said they often forget passwords or have to write them down. Over a quarter (27%) of survey respondents admitted sharing their passwords with someone else.

The demand for alternatives to passwords is high, with three-quarters feeling that their data would be more secure with other verification. Three-fifths would choose fingerprint scans over passwords. Respondents also took a dim view of the traditional methods of authentication, regarding two-factor authentication (2FA) as insufficient. Nearly two-thirds did not even know what 2FA was, while only a fifth said it was easy to use. There was also a feeling that many current 2FA solutions on the market today represent a noticeable cost and logistical burden.

Probably given the high number of recent data breaches in retail stores, 52% of survey respondents expressed little to no confidence in retail stores being able to properly secure personal information, and 43% had little to no confidence in online retailers. Just under half expressed high confidence in banks being able to protect personal information.

“Today, the pace of security breaches directly related to stolen passwords and bypassed authentication is increasing along with the severity of their consequences,” commented LaunchKeyCEO Geoff Sanders. “Passwords are inherently insecure as a method of authentication, and their e?cacy relies on end users, developers, system administrators, and the applications themselves, all of which are vulnerable to a wide variety of attack vectors currently being exploited by cyberattacks around the world…We must remove the vulnerability and liability that passwords have created while implementing more secure authentication methods that account for an evolving and diversi?ed landscape of use cases, end users and threats.”

What’s Hot on Infosecurity Magazine?