Passwords are fundamentally flawed, do not compromise on your UX

Focus on new authentication methods instead of perfecting password policies. Gartner

The effects of complex password implementation

Companies spend time and resources building policies in an attempt to strengthen the protection of customers' accounts and data. This in turn heavily compromises the user experience, resulting in abandonment of services. On top of that, a study found that the average person is now registered to 90 accounts requiring passwords, and that number just keeps growing. Few people can remember so many passwords, and as a result about a third of online purchases are abandoned at checkout because shoppers cannot remember their password (Johnson, 2017).

 

Passwords are fundamentally flawed

Looks familiar? Not only do stringent password policies hinder the user's experience, they are also prone to phishing attacks.

Implementing complex passwords adds to the problem of forgotten passwords. It has also been found that complex password requirements have resulted in an increase in users writing down their details. This puts their data at risk of internal security breaches and has made no significant improvement in security, while diverting time and effort away from other initiatives. According to Johnson, studies also found that 51% of people use similar passwords over and over.

Instead of using complex legacy passwords, Identity and Access Management (IAM) leaders should ensure that password policies and authentication methods best reflect regulators' and auditors' demands. According to Allan, introducing more robust authentication methods such as Two-Factor Authentication (2FA), Multifactor Authentication (MFA) and One-Time Passwords (OTP) has been found to ease user access and lower security breaches by 50% without compromising user experience (UX), and these methods should be implemented for users that require a high security clearance. Biometric methods and bot detection can also raise security as well as trust, since they reduce challenges and step-up authentication requests. This reserves high-friction challenges for high-risk activity, providing a seamless experience for users (Allan, 2017).

The average consumer has around 90 registered accounts associated with 1 email address with saved payment details. That's a lot of passwords (Lord, 2021). Fraudsters and phishing attacks can be avoided through the use of a secure email gateway (SEG) and real-time anti-phishing training. Therefore, as the figure above suggests, investment in new authentication methods and effective compensating controls will tremendously increase the security of user authentication.

choosing a biometric authentication provider

 

Let’s bid farewell to troublesome password policies and bad user experience!

The convenience of mobile biometric authentication and why it is more secure

Biometrics require liveness detection: not what you know but who you are. By taking advantage of our mobile phone's camera, microphone, fingerprint sensor and facial recognition algorithm, MFA checks make it close to impossible for hackers to access your account. It has been proven that people choose convenience over security, and that is exemplified by all your saved auto-login details in Google Chrome and the saved payment details used for filling out online orders and in online shopping accounts. The good thing about biometrics is that people are relieved of the responsibility of creating and remembering a strong or complex password. The sophistication of biometrics promises to improve in line with smartphone technology. The latest authentication methods include infrared iris scans and behavioural biometrics, which measure the way you hold your phone, the way you sit and how you walk. With the growing ubiquity of fitness features, it's expected that the next generation of mobile biometrics will use electrocardiograms, or heartbeats, to authenticate users.

 

How to select a biometric authentication provider

So how does one choose a biometric service provider? Firstly, there are different types of biometric providers, covering fingerprints, physiological traits, voice and DNA, so know what kind you are looking for and which one best suits your purpose and need. Secondly, the factors to consider about the biometric modality are:

  1. Accuracy

Accuracy is one of the most important aspects to assess when choosing a biometric modality. It is based on several criteria including error rate, false acceptance rate (FAR), identification rate, false reject rate (FRR) and additional biometric system standards.

  2. Anti-spoofing capabilities

As biometric recognition systems become more widespread, more attention has been given to possible direct attacks, where potential intruders may gain access to the system by interacting with the system input device. Such attempts are commonly referred to as spoofing attacks. Strong anti-spoofing protection is a must-have capability for the right biometric modality. One protection method ADERA uses is liveness detection: ADERA's AI engine generates a validity score that tells you whether the user is in fact using a live selfie or is impersonating someone with a recorded video or by wearing a mask, which results in a low validity score.

  3. Acceptability

User acceptance is the linchpin of a successful biometric identification management deployment. Certain biometric modalities may have a stigma associated with them (e.g. fingerprint biometrics and criminality), which can negatively impact user perception in certain cultures. Understanding which modalities are acceptable versus those that may cause user acceptance issues is important.

  4. Cost effectiveness

Cost is an important factor to consider when choosing the best and most effective biometric hardware modality. Depending on the underlying technology and hardware characteristics, certain modalities may be more cost effective than others. It's important to recognize that an initial investment in biometrics can be, and quite often is, recouped in a short amount of time to achieve a fast return on investment (ROI).

  5. Hygiene

Whether the biometric hardware is contact-dependent is an important factor to consider before making an investment. Many new deployments in industries that pay close attention to infection control prefer to use contactless biometric modalities for hygienic reasons (Hassan, 2016).
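The accuracy factor in the list above can be compared across providers by measuring FAR and FRR on the same labelled set of match scores. The sketch below is an added example, not code from this article or from any provider; the scores are constructed, and the matcher is assumed to accept an attempt when its score is at or above the threshold.

```python
# Constructed similarity scores from a hypothetical matcher (range 0..1).
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.97, 0.64, 0.90, 0.86, 0.79]   # same person
IMPOSTOR = [0.12, 0.35, 0.41, 0.08, 0.66, 0.27, 0.19, 0.53, 0.30, 0.74]  # different person


def far(impostor, threshold):
    """False acceptance rate: share of impostor attempts that are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False reject rate: share of genuine attempts that are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor, steps=100):
    """Return (threshold, FAR, FRR) for evenly spaced thresholds from 0 to 1."""
    return [(t / steps, far(impostor, t / steps), frr(genuine, t / steps))
            for t in range(steps + 1)]


def equal_error_point(genuine, impostor, steps=100):
    """First threshold at which FAR and FRR are closest (the equal error point)."""
    return min(sweep(genuine, impostor, steps), key=lambda row: abs(row[1] - row[2]))


def threshold_for_far(genuine, impostor, max_far, steps=100):
    """Lowest threshold whose FAR stays within max_far, with the FRR it costs."""
    for row in sweep(genuine, impostor, steps):
        if row[1] <= max_far:
            return row
    return None


if __name__ == "__main__":
    t, a, r = equal_error_point(GENUINE, IMPOSTOR)
    print(f"equal error point: threshold={t:.2f} FAR={a:.0%} FRR={r:.0%}")
    t, a, r = threshold_for_far(GENUINE, IMPOSTOR, max_far=0.0)
    print(f"zero-FAR operating point: threshold={t:.2f} FAR={a:.0%} FRR={r:.0%}")
```

Raising the threshold trades false accepts for false rejects, so a single quoted FAR or FRR means little unless the other rate at the same threshold is stated with it.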

These are some of the top factors to consider when choosing a biometric authentication provider. Passwords are fundamentally flawed. If you are looking for a provider or assistance in the biometric authentication field, please feel free to contact us at info@aderaglobal.com.
