IBM Security released the results of a global study about authentication usage and attitudes on Jan. 29, that provides insight into how different demographics view digital identities.
The study is based on a survey of 4,000 adults in the U.S, Europe and Asia-Pacific (APAC). Among the high-level findings in the report is that 70 percent of respondents ranked security over convenience, as the top priority for financial applications.
"The biggest positive surprise for me was to see users care about security to the extent they did," Limor Kessem, Executive Security Advisor, IBM Security, told eWEEK. "Overall it seemed people understand the importance of securing their accounts, and they would go the extra mile to do that with the additional steps offered by service providers, which is an encouraging trend."
The study also revealed user attitudes about biometric authentication technologies. 44 percent or respondents identified fingerprint biometrics as the most secure method of authentication. In contrast, only 27 percent rated passwords as being the most secure from of authentication.
Different age groups also have varying usage patterns and views on using biometric technologies for digital identity authentication. Kessem noted that nearly half (48 percent) of people under the age of 34 use fingerprints to unlock their personal smartphones, compared to only 22 percent of those over the age of 55. Additionally, 11 percent of those under the age of 34 are using facial recognition to unlock their phone compared to only 2 percent of those 55 and up.
While millennials are big adopters of biometrics, they tend to fall short when it comes to the use of complex passwords. IBM found that 42 percent of millennials used complex passwords with special characters, numbers and letters, In contrast, 49 percent of users 55 years of age and older reported that they use complex passwords. Millennials also tend to re-use passwords, with 41 percent admitting they used the same password on more than one site. Only 31 percent of older users age 55 and over, admitted to re-using passwords.
"Millennials are the worst when it comes to creating complex and unique passwords, which is a big liability for those using password only approaches," Kessem said. "The study results show that millennials place higher value on convenience and memorizing dozens of new, complex, unique passwords is cumbersome, especially as these users are likely to have a growing number of accounts that require such passwords."
Though millennials are more likely to re-use passwords, the study also found that they are more likely to use password managers. 34 percent of millennials reported using a password manager, while among those age 55 and older, password manager usage is only at 17 percent.
"Millennials may be taking the lazy, but smarter way with passwords overall," Kessem said. "It could also be that younger users recognize that password-only access is outdated and not very secure and we see that they are more comfortable adopting other technologies like biometrics, MFA (multi-factor authentication), and password management tools."
Kessem added that ultimately millennials do want to be secure, but they are looking to more convenient and rapid ways to achieve it.
The Future of Identity
Looking forward, the future of digital identity authentication will likely involve multiple types of technologies.
"As we transition into a future where password-only access becomes scarce, it will be important to integrate flexible platforms and risk-based approaches into how we authenticate users," Kessem said. "The idea is to combine different methods in a multi-factor authentication scheme, offering the users more choices to drive better adoption."
Passwords are not going away and Kessem expects that passwords will continue to be a part of overall authentication schemes in the immediate future. As such, creating strong and unique passwords is still an important part of the secure authentication equation. Kessem noted that users should create longer 'passphrases' (a string of unrelated words, 20 characters or more) instead of character and number-based passwords, to help improve password security.
"On the technology side, using risk-based authentication and behavioral biometrics behind the scenes can also help service providers and employers improve the experience for the end user, by checking for anomalies and only soliciting additional steps when certain risk factors are detected," she said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.