The Future of Digital Authentication: Consumers Are Passing on Passwords
Posted by Adam Lowe, PhD, Chief Product and Innovation Officer, Arculus on 24th Apr 2023
Passwords are a problem, and if you’re running a business that requires user authentication, it’s your reputation on the line when hackers and fraudsters have your business in their crosshairs.
As global consumers embrace the digital ecosystem and spend more time online and using mobile apps, “password fatigue” is leading to poor password hygiene as the number of passwords and logins consumers are managing becomes unwieldy. Some users have just given up, using the same recycled passwords across multiple accounts. Think about your own collection of passwords, or the tried-and-true throwaway password you use for one-off purchases that could still leave your credit card information vulnerable. How secure are they? How many people do you know that regularly use unique, complex passwords for every login?
According to recent data from PYMNTS, 61% of respondents said they’d be willing to pass on passwords, and that number increases for mobile app users and those who interact with a business through multiple platforms. More than two-thirds of mobile app users said they would be willing to go passwordless, and three-quarters of those who log in using multiple platforms would ditch the password.
This password conundrum comes at a time of increasing cyber threat. Cyberattacks impacted more than 422 million people in 2022, finds the Identity Theft Resource Center. Estimated losses due to payment fraud are expected to surpass $48 billion by 2023, according to Juniper Research.
Passwords clearly aren’t the answer.
How can businesses balance consumer fatigue with the increasing need for robust security?
From SMS 2FA to Biometrics: Evolution of Authentication
More than 90% of businesses today use two-factor authentication to prevent fraud, up from 64% in 2019, but hackers are getting smarter and finding ways to thwart some of those systems. For example, SMS 2FA in which a one-time code is sent to a user via SMS, can be easily spoofed or intercepted by hackers. According to data from Forrester, SMS 2FA stops only 76% of attacks, remaining vulnerable to man-in-the-middle attacks, social engineering and SIM swapping. That means one in four of these attacks succeed, and that kind of failure rate for a security measure should simply be unacceptable–for financial accounts and beyond.
While multi-factor authentication is a good start, the best-in-class options today combine advanced identity verification with tools like biometrics and FIDO2 authentication. Consumers are ready for a new authentication ecosystem.
Biometrics authentication provides one additional layer of security for your customers. Nearly 80% of U.S. businesses surveyed say they’re using biometric authentication; that’s more than three times the number that deployed biometrics in 2019. And the global biometrics market is expected to grow to more than $59B by 2026 as users and businesses alike embrace new technologies.
At Arculus, we believe so strongly in the biometric authentication layer that we made it one of the three factors of authentication needed to make crypto and other digital asset transactions in our Arculus Cold Storage Wallet.
But biometrics are just one step in the right direction, especially when customer experience and retention come into play.
Tech Giants and Modern Authentication Paradigms
Recent moves by industry heavyweights Google, Microsoft and Apple toward passkey systems will help ease the transition for consumers away from password-based sign-ons toward more sophisticated authentication technologies, Lenny Gusel, former head of cybersecurity solutions at J.P. Morgan and fraud strategy executive at Bank of America, told PYMNTS. I agree.
He elaborated on how the ubiquity of these new technologies will lower the entry cost and make it much easier for companies to incorporate advanced authentication into their products and services. “Companies must look at advanced payments authentication past the sign-in stage and to the actual moment a consumer makes a payment.”
Arculus & FIDO2: The Gold Standard in Secure Payments
This is where the Arculus Secure Authentication Solution plus payment technology can help your business grow.
Arculus brings FIDO2 authentication technology to premium metal payments cards, turning customer debit or credit cards into sleek authentication tools that can eliminate the need for more vulnerable authentication protocols.
And FIDO is the only widely available phishing resistant authentication for MFA, says Jen Easterly, Director of the Cybersecurity & Infrastructure Security Agency. “I urge every CEO to ensure that FIDO authentication is on their organization’s MFA implementation roadmap. FIDO is the gold standard. Go for the gold.”
Today’s customer is highly security conscious, with 83% saying security is highly important, but 80% say user experience is as well. Customers are also looking for prestige and an elegant form factor. More than 75% of millennials say they’d choose a metal credit card if offered, according to a recent report from Edgar, Dunn & Company.
A FIDO2-enabled payment card brings the two together for your customers, bringing them the comfort of state-of-the-art security and a sleek metal card with a user-friendly, tap-to-authenticate system. Today’s consumers are well-versed in the tap-to-pay experience, and this will allow you to drive your business forward with the next generation of authentication, that’s simple, secure and easy to use.
This is where we see the future of authentication: moving beyond the password with a sophisticated piece of technology that also looks sleek and that your customer will keep at the top of their wallet.