In with the new, out with the old.
This pretty much sums up the dominating trends in authentication methods over the past several years.
With many traditional methods depreciated, more and more replacement technologies have been making an entrance into the market.
The question for businesses is which particular method will be the most adequate for their organization.
While the security strength of any given method is important to consider when deciding what tools to implement, user experience (UX) is a major factor that managers and company heads need to examine. A positive, smooth UX insures the ability for an organization to achieve compliance throughout their organization, with consistency over the long term, and also prevents the task of authentication from interfering with bottom line operations.
To help with this important decision, Secret Double Octopus conducted a broad based survey on employee preferences of password-alternative authentication tools in the workplace. With this data, companies can better ascertain what employee experiences are when deploying traditional methods as well as the different market leading alternatives.
Here is a glimpse of some of the important findings into authentication methods, contained in the report.
Apple’s Touch ID is the leading work-related password alternative, ranked first in all three surveyed parameters of ease of use, trust, & preference. This perception is likely influenced by two important factors. First off, fingerprint scanners have been the staple of biometric authentication for years. It is no surprise that users respect this method as secure and feel comfortable engaging with it. Secondly, Apple’s Touch ID has been a common feature on the brand’s devices for a while (originally released by the company in 2013), and has had time to integrate into the market. Users are simply familiar with this method.
Facial recognition has been around for some time now, but the new Face ID technology is setting a new standard for sophistication and friendliest with 81% of employees finding it extremely to somewhat trustworthy and 89% find it extremely to somewhat easy to use. One of them most important findings of the survey related employee’s willingness to using Face ID in the workplace. The report found that 60% would use it given the option. Taken together, these factors make Face ID a very promising option for integrating into the workforce as the technology becomes more common and familiar amongst users.
Relative to other alternatives, SMS verification scored high on user experience, with over 70% considering very to somewhat easy to use. When is comes to trustworthiness however, SMS was not preferred over Touch and Face ID.
Hardware tokens came in last on the ease of use factor, with less the 35% considering it easy to use. This is likely due to the nuisance of having to carry around and safeguard the actual token device. Token’s did do better on the trustworthy scale, but still fell short of Face and Touch ID.
Passwords are a burden to both employees and for the company as a whole. This is due to the fact that both workers and management need to invest heavily into keeping passwords secure.
When it comes to passwords, they are as strong as the users chooses to make them. There are a slew of factors that contribute to the security posture of both the password itself, as well it’s use over time. To address these factors, companies often institute a variety of policies. For instance, 91% of companies have a policy for password strength, leading to longer and more complex passwords. Organizations also tend to require that passwords are replaced with some regularity. Research has indicated that 76% of employees are asked to replace passwords every 3-4 month or less. All of this of course leads to passwords being increasingly difficult to remember.
Even with all of the resources devoted to securing passwords, passwords are still used
by employees in a way that compromises the company security. Workers often use irresponsible methods of remembering their passwords. In the Government/Public sector for instance, 39% of employees, reported that they use paper note to remember their passwords. Furthermore, 21% of employees surveyed use their work related passwords on other online services that may or may not have proper security, thus exposing their work-related password to a database that can be an easy target for hackers.
How do you remember your work-related passwords?
These damning findings on the trends of password use will like speed up the exit of this method as the industry standard, paving the way for newer, more secure alternatives to take its place.
The implications of this report promise to be crucial in guiding companies on how to best implement authentication effectively on a broad scale. The full text of this newly published research can be viewed here.
The Password is Dead. SMS is deprecated. What’s Next for Authentication?