iovation
THE DEATH OF PASSWORDS
2004
2012
2016
• components
“ZOMBIE TECHNOLOGY” DEMONSTRATED
“But I’m Not Dead Yet!” The Mat Honan Hack and the Year of the Mega Breach
Bill Gates at the RSA Conference
How do consumers value authentication?
How do consumers react to poor experiences?
What preferences exist for types of access controls?
How will FIs adapt to these preferences?
When will we turn the corner to “passwordless”?
JULIE CONROY
RESEARCH DIRECTOR
• Head of Aite Group’s Retail Banking & Payments practice, covering fraud, data security, anti-money laundering, and compliance.
• VP-level product management roles in financial services, risk management and payment processing.
MICHAEL THELANDER
DIRECTOR PRODUCT MARKETING, IOVATION
• Manages go-to-market, launch and customer education activities for iovation’s authentication products.
• 20 years in VP- and director-level product management and product marketing roles for information security companies.
TODAY
AGENDA
WHO WE SURVEYED
PRIORITIES FOR ONLINE BANKING
HOW BAD ARE WE AT USING PASSWORDS?
PREFERRED ONLINE AND MOBILE METHODS
RECOMMENDATIONS AND TURNING THE CORNER
WHO DID WE SURVEY?
1,095 CONSUMERS ACROSS ALL AGE GROUPS
The survey distribution reflects overall U.S. population distribution
“Omnichannel” users across mobile and web formats
WHAT’S IMPORTANT?
SIMILARITIES … AND SOME KEY DIFFERENCES
• Ease of use is as important, for most groups, as passive fraud prevention
• Interactive security and protection is increasingly valued
• A desire for “robust transactional capabilities” created the biggest delta between groups
• Transaction tagging
• Flexible reporting and transaction searching
• Internal and external transfers
• Integration with tax services and apps
• Digital onboarding
• Portfolio management
NUMBER OF UNIQUE PASSWORDS
SECURITY EXPERTS RECOMMEND UNIQUE PASSWORDS
• 107 accounts per average user, expected to be 207 by 2020 (Survey by Dashlane 2014)
• Paradoxically, the better we do at password hygiene, the worse usability becomes: dFouY#4!9n is a strong password but a nightmare to manage
RESPONSE TO FORGOTTEN PASSWORDS
IN A WORLD WHERE EXPERIENCE IS KING, FORGOTTEN PASSWORDS ARE ANATHEMA
• “Extremely frustrated” or even “Very frustrated” customers are at odds with the goals of most product owners
• And increasingly, even their paychecks
Device fingerprint: a collection of hardware and software attributes associated with a specific device, including device location
Eye vein biometric: Uses the device’s video recorder to capture distinct eye patterns
Facial recognition: Uses the device’s video recorder to capture facial shapes, with added tests for “liveliness”
Fingerprint biometric: Leverages a device’s embedded fingerprint reader
Knowledge-based authentication: KBA questions provide identity based on the answers to shared secrets
Mobile network operator data: Uses the operator’s own systems for authentication and authorization
One-time password: Sends a one-time password via text messaging or mobile push
Two-way text: Like OTP via text messages, but allows for consumer responses like “Approve” or “Deny”
Voice recognition: Unique biometric based on the characteristics of the user’s voice
But what do consumers prefer?
PREFERENCES
TOP FIVE PREFERENCES FOR EASE OF USE AND PERCEIVED EFFECTIVENESS

EASE OF USE
Username/password
Fingerprint biometric
KBA
Device identification
Facial recognition

EFFECTIVENESS
Fingerprint biometric
Eye biometric
Username/Password
KBA
Facial recognition
WILLINGNESS TO ENGAGE
• Preferences for mobile push and two-way text
• But also some markedly negative responses
• Particularly seniors’ dislike for mobile push technologies…
• And in every demographic, a negative response to voice recognition
WILL INCENTIVES CHANGE BEHAVIOR?
AND HOW MUCH INCENTIVE IS REQUIRED?
• One quarter are not interested in changing, regardless of the use of incentives
• More than half would change even without an incentive
• The balance could be persuaded to change with $10 to $25 incentive
• Differences between demographic groups can be stark
RECOMMENDATIONS
• Start with the mobile channel
• Enable multiple forms of authentication
• Leverage the complementary nature of notification and authentication strategies
• Tailor education to customer’s demographic group
• Consider providing incentives to shift behavior
Something you KNOW
Something you HAVE
Something you ARE
A THREE-PRONGED APPROACH
COLLABORATION BETWEEN CONSUMERS AND TECH COMPANIES
Consumers
Tech Companies
ENLIGHTENED & CONCERNED CONSUMERS
HARDWARE & DEVICE MANUFACTURERS
AUTHENTICATION SOFTWARE PROVIDERS
ACME
Still leaves the problem of entrusting your credentials to a centralized store that could be breached
Focused on ways to make “future concepts” a current reality
RESOURCES
GO TO WWW.IOVATION.COM/RESOURCES
AITE REPORT ON CONSUMER PERSPECTIVES
A comprehensive survey of consumer perspectives on authentication and the responses needed by the FI community
ADDITIONAL RESEARCH AVAILABLE SOON
Follow-on research on the impact false positives have on customer experience