Consumers Prefer Biometric Authentication
A recently published report by the Chief Marking Officer (CMO) Council and the Business Performance and Innovation (BPI) Network shows that consumers view biometric authentication very favorably. 44 percent of consumers consider biometric authentication to be a better method than the alternatives. 34 percent of those surveyed said they would prefer to use biometrics as long as the system were secure. 10 percent indicated that they would prefer passwords or other forms of authentication over biometrics.
Passwords are an alternative authentication method, but one that consumers consider to be fraught with certain dangers. 68 percent of consumers reported password problems. Consumers are particularly frustrated with the quantity of passwords that they are responsible for, at least 55 percent of them are.
Password frustration is entirely valid. IBM’s 2021 Cost of a Data Breach Report found that 20 percent of breaches are caused by compromised credentials.
Finding consumer authentication preferences is important. One of the of the findings of the survey was that 60 percent of consumers claimed to have abandoned a business transaction due to frustration with the authentication process. A priority for consumers in the authentication process, (at least according to 81 percent of them) is that the company verify their identity “simply, quickly, and safely.” An even greater percentage, 85%, indicated that a difficult authentication process reflects negatively on the company and brand.
The survey was a poll of 2,000 consumers.
The tension in the findings is between privacy, security, and consumer preference. Passwords and biometric information are both considered to be personal information, and in some laws (such as the California Consumer Privacy Act) to be sensitive personal information as well.
Biometrics often consist of immutable characteristics, characteristics that can not be changed. That they can’t be changed makes it harder for one individual to fake another’s biometrics. However, their immutability, makes them a greater liability in a privacy context. If a bad actor gets your password, they can do some harm to you, but you can move on with your life, change your password and put it behind you. If they get a scan of your retina or fingerprint, they may be able to track you or impersonate you for the rest of your life.
From a security standpoint, biometrics are generally superior. A bad actor can’t guess an individual’s biometrics, the same way that they can guess a password. Furthermore, a brute force hack of someone’s biometrics seems like a hopeless cause, but brute force hack of a password is within reason. Even if a bad actor gains access to a scan of someone’s retina or fingerprint or other biometric information, that doesn’t necessarily translate to being able to access the person’s accounts. The format in which someone provides authentication may require the actual physical object, not just data about the object. When passwords are required a typographic input is usually provided to allow someone to enter their password. For biometrics, usually a scan is performed, which might require the bad actor to have a mold or model of the relevant body part.
The final consideration is consumer preference. In this poll, consumers indicated a preference for biometrics for authentication purposes. The weight of the factors seems to favor use of biometrics for security purposes, but seems to favor use of passwords when considering privacy concerns.
All three considerations need to be weighed. Consumer preference is relevant, but consumer preference may not adequately take into account considerations of privacy and security. Both of which can lead to liability.
For the foreseeable future, companies will continue to use both biometric authentication and password authentication. Clarip can help your organization with data risk intelligence so that you know the flows of such sensitive personal information in your digital environment. We can also help with data subject requests, consent management, data mapping, and much more. Visit us at www.clarip.com or call us at 1-888-252-5653 for a demo!