Americans want passwords, not biometrics, survey finds

Fear of leaky organizations storing personal biometric data might be behind the public’s apparent dislike of fingerprints and voice recognition for authentication

Americans want passwords, not biometrics, survey finds

Most people aren’t interested in fingerprint authentication and other biometric logins, a study has found.

Free email portal and Yougov surveyed over a thousand folks around the world in July and discovered over half (58 percent) prefer traditional passwords.

A significant proportion of the respondents also said biometry was too hazardous, with “only 9 percent finding the use of biometric methods risk-free,” the mail provider said in its press release.

Skepticism and risk aversion is behind the suprising result, the researchers say. Almost half of the survey respondents (42 percent) say they don’t want “companies to save and use their personal biometric data.”

+ Also on Network World: 7 steps to biometric bliss +

Individuals expressed concerns that system snafus would stop them from getting into accounts; others vexed about hustlers “overcoming biometric authentication methods” and heisting funds.

It’s also possible, but not mentioned in the survey, that some are worried about the now-unknown extent that individuals might in the future be compelled by judges to unlock fingerprint-locked devices. In 2014, a judge ruled that police couldn’t “force criminal suspects to divulge cellphone passwords, but they can force them to unlock the phone with a fingerprint scanner,” according to the Wall Street Journal (paywall).

In any case, the new survey “shows that biometric login methods are far from becoming a mass market,” says. “Few are supporters of these new technologies.”

And indeed, less than a quarter (22 percent) of those surveyed say biometry is a “good addition” to passwords, and only then when the biometric data (fingerprints, eye scans, facial and voice recognition, and the like) is combined with passwords and PIN numbers.

An alternative to passwords needed

Interestingly, the survey’s question pool provided some revelations as to why those responsible for securing the world’s financial and personal data need to figure out an alternative to passwords, whether the end user likes it or not, and fast.

Only 8 percent of the respondents (who chose to disclose how they generated passwords) used a password generator, whereas 43 percent either based them on “easy-to-remember letter or number sequences such as ‘123456’” or personal data such as “birthdays and names,” including names of pets and so on. Simple numerical and letter combination passwords can be rapidly hacked with software.

Twelve percent use the first characters of a memorable sentence.

Only 14 percent of the survey disclosers use any special characters, although 29 percent do use a combination of numbers, lowercase and uppercase letters, special characters and punctuation marks.

A little over a year ago, account security firm Telesign found that about half of respondents to a survey then, said their passwords were over five years old. This just-released survey reckons 15 percent never change passwords for the most important accounts, such as banking.

Interestingly, new advice from some experts now suggests that changing passwords frequently might not be such a good idea: The more you change a password, the more likely you are to be lazy about it and choose something easy to crack, researchers from the Carleton University in Ottawa, Canada, say in their paper (PDF).

In that case, they say “often new passwords are algorithmically related to old, allowing many to be found in few guesses.”

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10