User forgetfulness drives preference for biometrics over passwords

Woman in her kitchen checking password on sticky note on the fridge

Getty Images/Westend61

More than half of consumers have had to reset their password at least once a month because they struggle to remember it, with just 6% describing this form of authentication as safe. 

Also: The best password managers for easily maintaining all your logins

Instead, 53% believed fingerprint scans were more secure than passwords, while 47% chose facial recognition, revealed an Entrust Cybersecurity Institute study that polled 1,450 respondents across 12 global markets. These included France, the US, and the UK, as well as 400 respondents from four Asia-Pacific cities in Singapore, Australia, Japan, and Indonesia.

Interestingly, 41% saw 4- or 6-digit PIN codes as more secure than passwords. 

Also: Stop using your 4-digit iPhone passcode in public. Do this instead

The survey revealed that 51% reset their password at least once a month because they could not remember it, including 15% who did so weekly. 

Across the four Asia-Pacific markets, 41% admitted to resetting their password at least once monthly while almost 10% did so weekly. Presented with a choice between biometrics or passwords, some 75% would opt for the former at least half the time, while a third would choose biometrics whenever available. 

Globally, 58% would choose biometrics over passwords at least half the time and 33% would always do so, with 16% saying they would never select biometrics.

Amongst those who opted against doing so, a third described biometrics as more cumbersome than passwords, while 22% said their devices did not support this form of authentication. Some 17% pointed to security concerns over biometrics. 

Also: How to turn on Private DNS Mode on Android (and why you should)

“There’s no one right way for organizations to authenticate customer, employee, or citizen identity,” said Entrust’s chief information security officer Mark Ruchie. “It’s always a tradeoff between providing relatively frictionless access experiences and incorporating safeguards that confirm users are who they claim to be. The authentication methods you employ can, and should, change depending on the circumstances, like the sensitivity of data users are accessing, whether you’re serving customers or employees, or if atypical login behaviors are exhibited.” 

Acceptance over loss of data control

The study also uncovered some interesting revelations about consumers’ attitudes towards ownership of their digital credentials and personal data. 

Below half, at 45%, believed they owned their personal information. Some 28% said their data belonged to whoever controlled it, while 27% said ownership belonged to the issuer. 

Also: The best VPN services (aren’t free)

These sentiments might relate to how respondents felt about data control, with 74% noting that sharing their personal information was unavoidable in order to access goods, services, and applications. 

Asked if they felt comfortable entrusting their online identity with organizations they trusted to improve user experience, 54% said they would be. However, 46% felt otherwise, saying they should be the only one with ownership of their digital identity. 

In Asia-Pacific, 75% also agreed that sharing their personal data in order to access products and services was unavoidable. Half would be comfortable with trusting organizations to own and store their digital identity, while the other half were not. 

To help them feel more in control of their data, 42% across the globe pointed to the ability to revoke access, while 32% would want to know the organizations that had access to their personal information. Another 30% would want to know the organization’s privacy policy and 19% said mail should not contain personal data. 

Also: I tested the latest hardware security keys, and these are my must-haves

Asked if they had a form of electronic identity, 43% said affirmatively while 36% said no. Some 21% were not sure if they had one, which Entrust said might suggest that not all respondents in the US, for instance, were aware their government had been automatically issuing digital passports to all holders since 2006. Just 27% in the country said they had an electronic identity. 

Across the board, 70% would use a digital form of government-issued ID if available, with the majority citing convenience as the top benefit. However, while 49% said enhanced security was the reason they would use an electronic ID, 45% cited security concerns as the reason they would not do so. Another 36% pointed to identity theft as their concern for opting against a digital ID. 

In Asia-Pacific, about 20% were unsure if they had an electronic ID, though, 70% would use a government-issued one if available. 

Noting that both digital and physical identities had their challenges and benefits, Entrust COO Anudeep Parhar said: “It’s not a zero-sum game. Offering consumers access to both formats affords them the flexibility to choose what works best for them or for a given situation.”

READ MORE HERE