Mobile Authentication Challenges – Password
As security has gotten a significant amount of banking press lately, our conversations with concerned CISOs have taken a more serious turn. Banks wishing to drive more products and improve customer experience see mobile applications either as a way to win Gen Y clients or as table stakes in today’s marketplace. As the mobile platform war rages, device security options are not common and certainly don’t have the consumer mindshare that they do on PCs. The size of the device means that loss and theft are real concerns that are not present with hardwired online banking.
Password practices can’t be trusted. Here are some quick hits from a 2010 password survey:
• 41 percent use the same password for multiple accounts.
• Only 16 percent create passwords more than 10 characters long.
• 4 in 10 people (41 percent) have shared passwords with one or more people in the past year.
Regrettably, consumers don’t seem to care about security on these easily stolen platforms, and companies have yet to take serious steps to secure their apps.
The problem is only compounded by what is driving the requirements for mobile applications. Mobile platforms provide ubiquitous access in what is often a “substandard” experience. Consumers have accepted that there will be some usability loss, but appreciate that convenience is driving the use. Security is, unfortunately, inconvenient. This has resulted in applications requiring only a four-digit PIN, or saving passwords so that consumers only have to launch the application to access their accounts. Banks pushing for the applications are terrified that security will limit adoption and thus ruin the “customer satisfaction and retention” metrics that drove the original mobile development initiative.
Clearly, better security is essential to safeguard consumers from themselves and to protect our businesses.
Passwords are cumbersome, and good password practices aren’t followed anyway. Recently people have looked to additional factors of authentication, but, as we will discuss in our next article, mobility eliminates the “multi” in multi-factor authentication.