Authentication a barrier to online commerce for most people

Study finds growing dissatisfaction with existing authentication processes

Inadequate authentication and the plethora of user names and passwords people need to remember is a rising barrier to online commerce, with more than 50 per cent of people complaining that they "frequently" or "very frequently" fail to perform online transactions as a result.

That is one of the key conclusions of independent researchers at the Ponemon Institute, in a study sponsored by online authentication company Nok Nok Labs.

It also indicates a high level of frustration with authentication, with three-quarters of US respondents to the survey, and 71 per cent in the UK and Germany, responding that "authentication failure" is either "frustrating" or "very frustrating".

The study found that the conventional user-name/password authentication process was most to blame for this failure due to forgotten passwords, user names or a failure to correctly remember knowledge-based questions - such as, where were you born? Or, what secondary school did you go to?

The research suggested that users would prefer a single identity credential for a variety of authentication purposes - something that many people do in one sense by using one user-name/password for multiple different sites, despite warnings that such practices are unsafe.

It also found that, contrary to claims, users would be comfortable using biometrics as a form of authentication, especially for particularly sensitive applications, such as logging onto online banking or healthcare portals.

Indeed, according to respondents to the survey, banking institutions provide the most satisfactory authentication processes, with many banks now using devices from manufacturers such as Gemalto to add security that cannot easily be compromised by Trojans and other forms of malware.

However, problems with authentication are nothing new - internet users have complained about the user-name/password authentication process since it was popularised. One of the major problems with authentication systems, though, is trust: can users trust the organisations that they share their sensitive information with for the purposes of authentication not to mis-use that information?

For example, if a user supplied their mobile phone number and email address, could they be sure that the organisation would not, at any future date, use it for marketing communications instead? Or, use the information they gleaned to put together a database of their authenticated online activities?

Ponemon Institute surveyed more than 1,900 people between the ages of 18 and 65 in the US, UK and Germany. The full report can be downloaded from the Nok Nok labs corporate website, www.noknok.com.