A new report released by Javelin Research showed while consumers
still strongly prefer knowledge-based authentication methods for
online banking and other sensitive applications, alternative
factors, such as biometrics and one-time-passwords, are currying
favor.
Based on a survey conducted across nearly 2,000 U.S.-based
consumers, the 2010 Authentication Report showed for online
banking, 64 percent of consumer perceived that challenge-response
questions were effective, compared to 58 percent who believed
biometrics to be effective and 42 percent who thought one-time
passwords worked well.
"This year we continue to find knowledge-based questions and
challenge-response to still be the No.1 method that is familiar
with consumers and perceived to be effective by them," says Robert
Vamosi, an analyst for Javelin and the author of the report, which
came out last week. "But this year, what was surprising was that
one-time passwords and biometrics were starting to make a move on
No. 1 and were performing better than we've seen in previous
years."
Vamosi says this is partially attributed to improving technology
and partially to growing familiarity with these alternative means
of authenticating users.
"It starts in an enterprise environment and it moves into the
home," Vamosi says of people's familiarity with authentication
technologies. "If you go into your office and the IT department has
imposed this new means of getting on the network and you become
experienced with it, then suddenly at home you're presented with
the same option to log into your bank account, you're going to say,
'I've seen this before, I'm familiar with it. I can work with
this.'"
This familiarity aspect has particularly helped with biometrics,
especially as technology has become more prevalent and increasingly
built into business-grade equipment for the normal worker.
"Biometrics have gone from something that you see in movies and
don't really experience to something many have had hands-on
experience with," Vamosi says. "Many laptops today have navigation
pads that double as a biometric reader, and there's also facial
recognition technologies in laptops with webcams. This is starting
to come down to earth, and people are starting to see it in action
and thinking it could be effective to authenticate them."
Year-over-year, biometrics has increased in perceived effectiveness
among consumers by about seven percentage points, according to the
report. Even better has been the jump in perceived effectiveness of
one-time passwords, which shot up with consumers by 12 percentage
points. Vamosi says technology improvements for better ease-of-use
has been a big driver in consumers embracing one-time
passwords.
"There's a lot of convenience coming out of the new technologies,"
Vamosi says. "A soft token can be generated in an application, it
can be generated within a mobile phone, and the user doesn't
necessarily have to key in the number from a separate keychain
device."
Perhaps most interesting among the results, Vamosi says, is the
dropping confidence in knowledge-based authentication. While it
still remains the apple of consumers' eyes, there was a dip of
about six percentage points in the overall vote of consumer
confidence this year over last year.
"That could be the consumer's awareness of that technology being
compromised," he says. "The most classic example was the Sarah
Palin email attack a year or two ago. It has become clear to the
consumer that the answer to those questions can be found on
Facebook, or are easily guessable, so someone could potentially get
into their bank account or email account."