Millennials poised to disrupt authentication landscape
Young adults are lax on passwords and more comfortable with biometric and multifactor authentication, according to new IBM study
Photo by Josefa nDiaz on Unsplash
People now prioritize security over convenience when logging into applications and devices, according to findings from a recent IBM study examining consumer perspectives around digital identity and authentication.
Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.
Respondents also recognized the benefits of biometric technologies like fingerprint readers, facial scanners and voice recognition, even as threats to their digital identity continue to mount.
And, with millennials (those aged 20-36 years old at the time of this study) quickly becoming the largest generation in today’s workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future.
Data drives change
The evolving threat and technology landscape has created widely-known challenges with traditional login methods that rely heavily on passwords and personal information to authenticate identities online.
In 2017, data breaches exposed personal information, passwords and even social security numbers for millions of consumers. Add to that the fact that the average internet user in America is managing over 150 online accounts that require a password—a figure that’s expected to double in the coming years—and the security risks are clear.
"In the wake of countless data breaches of highly sensitive personal data, there's no longer any doubt that the very information we've used to prove our identities online in the past is now a shared secret in the hands of hackers," said Limor Kessem, executive security advisor at IBM Security.
"As consumers are acknowledging the inadequacy of passwords and placing increased priority on security, the time is ripe to adopt more advanced methods that prove identity on multiple levels and can be adapted based on behavior and risk."
According to the almost-4000 people surveyed by IBM, the top identity trends across the US, Asia Pacific (APAC) and Europe are:
- Security outweighs convenience: People ranked security as the highest priority for logging in to the majority of applications, particularly when it comes to money-related apps.
- Biometrics becoming mainstream: 67 per cent are comfortable using biometric authentication today, with 87 per cent saying they’ll be comfortable using these technologies in the future.
- Millennials moving beyond passwords: While 75 per cent of millennials are comfortable using biometrics today, less than half are using complex passwords, and 41 per cent reuse passwords. Older generations showed more care with password creation, but were less inclined to adopt biometrics and multifactor authentication.
- APAC leading charge on biometrics: Respondents in APAC were the most knowledgeable and comfortable with biometric authentication, while the US lagged furthest behind in these categories.
Security takes priority
While customers have long been thought to prefer a fast sign in experience with minimal friction, the survey results showed that people rank security as a higher preference than privacy or convenience for the majority of applications—particularly for money-related apps.
Security also ranked as the top priority for online marketplaces, workplace apps and email. For social media apps, priorities were less clear—with convenience taking a slight lead (36 per cent) followed by security (34 per cent) and privacy (30 per cent).
Where login methods are concerned, the survey found that certain types of biometrics are viewed as more secure than passwords, with 44 per cent ranking fingerprint biometrics as one of the most secure methods of authentication—compared to passwords and PINs (at just 27 per cent and 12 per cent respectively).
Among the top key concerns for users are the collection, storage and security of biometric data, as well as how it is used.
Age impacts use
Securing online identities is also impacted by generational differences, the survey results showed. Older adults display better habits when it comes to password creation, however younger generations are more inclined to adopt password managers (twice as likely, in fact), biometrics and multifactor authentication as a means to secure online accounts.
On average, for instance, people aged 55+ use 12 passwords, while Gen Z (ages 18-20) averages only five passwords—perhaps indicative of a heavier reuse rate.
Could all this be an indication that younger generations have less confidence in passwords and are instead looking to alternative methods to secure their accounts?
Younger adults also showed the strongest preference for convenience, with almost half of those under 24 (47 per cent) preferring a faster sign in experience to a more secure form of authentication.
Location impacts perspective
Geographic location has a strong influence on perception and familiarity with emergent authentication techniques, with the APAC region being the most knowledgeable and comfortable with tactics like multifactor authentication and biometrics. The US, on the other hand, lags furthest behind in awareness and comfort for most categories.
Specifically, the results highlighted that:
- APAC is most comfortable with biometrics today (78 per cent) compared with Europe and the US (65 per cent and 57 per cent respectively).
- Europe has strongest password practices as 52 per cent of respondents use complex passwords (compared with 46 per cent in APAC and 41 per cent in the US).
- 23 per cent of US respondents aren’t interested in biometrics now or in the future—a figure nearly double the global average.
Millennials: Disrupting the workforce
As the percentage of millennial and Gen Z employees in the workforce continues to grow, organizations and businesses can adapt to younger generations’ proclivity for new technology by allowing for increased use of mobile devices as the primary authentication factor.
Workplaces that can integrate approaches substituting biometric methods or tokens in place of passwords stand poised to benefit.
Adopting risk-based approaches to trigger additional authentication checkpoints—such as when behavioral cues or connection attributions (device, location, IP address) signal abnormal activity—will also help organizations to balance the demand for security and convenience.
The shifting authentication landscape, despite the security challenges it poses, is suggestive of the workplace to come.