Usernames and passwords date back to the early days of authentication. They're not perfect, but users might agree that for the most part, they seem to work. That is, until you forget them, or an account gets hacked.
A Ponemon Institute study indicates that reliance on usernames and passwords puts up roadblocks for online business. Ultimately, that growing wariness might spur the channel to come up with more intuitive and user-friendly authentication alternatives.
A summary of the Ponemon findings:
* Approximately 50 per cent of those surveyed said they were "very frequently" or "frequently" unable to perform online transactions due to an authentication failure on the website
* The majority of authentication failures occurred due to forgotten passwords or usernames or response to a knowledge-based question. Less than 50 per cent of respondents said authentication failures occurred because of technical glitches
* The majority of consumers that responded (60 per cent) preferred a multi-purpose identity credential for verification before providing secure access to sensitive data and systems
* The majority of respondents said they were comfortable with biometrics, especially for organisations protecting personally identifying information such as a bank, credit card company, health care provider, telecom, email provider or governmental organisation
* The top five organisations that have the most secure forms of authentication are banking, credit card companies, web payment providers, social media, retailers and ISPs
"This study shows the challenge presented by our continued dependence on the troubled password," said Phillip Dunkelberger, chief executive officer of startup Nok Nok Labs.
"Not only are breaches increasing because of password reuse across different web services, but this failure and insecurity is reducing consumer confidence when doing business online. It's time we evolved our thinking about how businesses authenticate their customers."
Meanwhile, the study's findings are hardly the first time that passwords have been called into question as a strong form of authentication.
Reports have surfaced in recent months that illuminate growing dissatisfaction around password security, criticising it as an outdated form of authentication intended for a pre-Web 2.0 world and quickly becoming obsolete.
And more security offerings are either bolstering authentication with other mechanisms or forgoing it altogether.
Penetration testing firm Core Security has fortified the latest version of its vulnerability assessment tool with password-cracking capabilities.
Wave Systems has introduced an app that cuts passwords entirely from tablet authentication.
The growing backlash against passwords as a stand-alone tool has renewed interest in other forms of two-factor authentication, including biometrics, as a stronger and more reliable form of security.
Historically, the identity and access management (IAM) market has remained relatively static. While IAM and authentication products do well in certain compliance-driven verticals such as finance, government or healthcare, organisations have largely resisted their adoption.
The reason? They're complicated, costly and hard to manage, with numerous disparate moving parts.
New offerings could emerge
Growing dissatisfaction around passwords, however, could prompt new offerings to emerge that reopen a stagnant market by touting cost effectiveness and ease of use, deployment and manageability.
As mentioned previously by Channelnomics, the cloud might catalyse such a revival.
Security partners with cloud portfolios might want to consider adding cloud identity and authentication offerings into their mix as an attractive value-add -- especially as more organisations are forced to adhere to heftier compliance mandates.
That day might still be a long way off. Thus far, biometrics still hasn't taken off as some have previously projected. And while passwords might represent a source of frustration, most users aren't unhappy enough with them to supplant them. At least, not yet.
As part of our special editorial partnership, CRN is republishing this article by Channelnomics