ktsdesign - Fotolia

Millennials set to disrupt authentication, shows IBM study

Young adults are lax on passwords, but are more comfortable than older generations with biometric and multifactor authentication, an IBM study shows

Older generations still value passwords, while younger adults are putting less care into traditional password hygiene, a study of future identity trends by IBM Security has revealed.

However, the study also shows that young adults are more likely to use biometrics, multifactor authentication and password managers to improve their personal security. This could be an indication that younger generations have less confidence in passwords and are instead looking to alternative methods to secure their accounts.

With millennials quickly becoming the largest generation in today’s workforce, these trends may affect how employers and technology companies provide access to devices and applications in the near future, the study report said.

Overall, respondents recognise the benefits of biometric technologies such as fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.

Biometrics going mainstream

According to the study, which polled nearly 4,000 adults from across the Europe (including the UK), the US and Asia-Pacific (APAC) region, biometrics are becoming mainstream.

Just over two-thirds (67%) of respondents said they are comfortable using biometric authentication today, and 87% said they would be comfortable with these technologies in the future.

Millennials, in particular, appear to be moving beyond passwords, with 75% saying they are comfortable using biometrics today – but less than half are using complex passwords and 41% re-use passwords.

Older generations showed more care with password creation, but were less inclined to adopt biometrics and multifactor authentication. Almost half of respondents aged 55 and over use complex passwords, and only 31% said they re-use passwords. However, millennials are twice as likely to use a password manager (34%) than people over the age of 55.  

Respondents in APAC were the most knowledgeable (61%) and comfortable (78%) with biometric authentication, compared with Europe at 40% and 65% respectively, while the US lagged furthest behind in these categories, at 34% and 57% respectively.

The survey found that certain types of biometrics are viewed as more secure than passwords, with 44% ranking fingerprint biometrics as one of the most secure methods of authentication, while passwords and PINs are seen as less secure, with only 27% and 12% respectively ranking them as secure.

People’s biggest concerns with biometric authentication are how the data is collected and used (55%), and the risk of others using fake biometric data to access their accounts (50%).

The password’s had its day

The report notes that the evolving threat and technology landscape have created widely known challenges with traditional log-in methods that rely heavily on passwords and personal information to authenticate our identities online.

In 2017, the report said, data breaches exposed personal information, passwords and even the social security numbers of millions of consumers. Additionally, the average internet user in the US is managing more than 150 online accounts that require a password, and this is expected rise to exceed 300 accounts in coming years.

“In the wake of countless data breaches of highly sensitive personal data, there’s no longer any doubt that the very information we’ve used to prove our identities online in the past is now a shared secret in the hands of hackers,” said Limor Kessem, executive security advisor at IBM Security.

“As consumers are acknowledging the inadequacy of passwords and placing increased priority on security, the time is ripe to adopt more advanced methods that prove identity on multiple levels and can be adapted based on behaviour and risk,” she said.

Security versus convenience

The study also found that security is beginning to outweigh convenience. Respondents ranked security as the highest priority for logging in to the majority of applications, particularly when it came to money-related apps.

While consumers have long been thought to prefer a fast sign-in experience with minimal friction, the survey results show that respondents rank security as a higher preference than privacy or convenience for the majority of applications – particularly money-related applications.

Security was vastly ranked as the top priority for banking, investing and budgeting apps. For these categories, on average, 70% selected security as top priority, with 16% selecting privacy and 14% selecting convenience.

Security also ranked as the top priority for online marketplaces, workplace apps and email. However, for social media apps, priorities became less clear – with convenience taking a slight lead (36%), followed by security (34%) and privacy (30%).

But young adults also showed the strongest preference for convenience, with almost half (47%) of adults under 24 preferring a faster sign-in experience to a more secure form of authentication. This may be one reason that young people are more likely to adopt biometric authentication, the report said.

Analysis in the IBM Security report shows that attitudes regarding authentication vary widely, and while acceptance of newer forms of authentication such as biometrics is growing, concerns persist – particularly among older generations and people in the US.

IBM recommends that organisations adapt to these preferences by taking advantage of identity platforms that provide users with choices between multiple authentication options, enabling users to choose between a mobile push-notification which invokes fingerprint readers on their phone, or a one-time passcode.

Organisations can also balance demands for security and convenience by using risk-based approaches that trigger additional authentication checkpoints in certain scenarios, such as when behavioural cues or device location and IP address signal abnormal activity.

The study shows that younger generations are placing less emphasis on traditional password hygiene, which poses a challenge for employers and businesses that manage millennial users’ access to data via passwords.

As millennial and Gen Z employees begin to dominate the workforce, the report said organisations and businesses could adapt to younger generations’ proclivity for new technology by allowing for increased use of mobile devices as the primary authentication factor, and integrating approaches that substitute biometric methods or tokens in place of passwords.

Read more about authentication

Read more on IT risk management

Data Center
Data Management