Story image

Biometrics vs passwords: How the generation gap is shaping workplace security

30 Jan 2018

Millennials are moving beyond the world of passwords and quickly embracing biometrics, leaving the older generations to continue carrying the password tradition, according to IBM Security’s Future of Identity Study.

75% of millennials are comfortable using biometrics, however fewer than half are using complex passwords and 41% reuse passwords. 34% use a password manager.

On average, those aged 55 and older use 12 passwords, however only 17% use a password manager. It is not clear from the study how people remember their passwords.

Millennials are also more likely to enable two-factor authentication after a breach (32%), compared to 28% of the general population.

IBM Security says that as younger employees dominate the workforce, organisations must be ready to adapt to the kinds of new technologies those employees bring in.

This could mean an allowance for increased use of mobile devices as the primary authentication device and integrating biometrics or tokens in place of passwords.

Asia Pacific respondents were the most open to biometric technologies. 78% are comfortable using biometrics today, compared to 65% of those in the European Union and 57% in the United States.

Fingerprint biometric technology is perceived as the most secure authentication method amongst all respondents (44%), followed by passwords (27%) and PINS (12%).

US respondents seem to be shunning the use of biometrics – 23% said they aren’t interested, which is almost double the global average.

“In the wake of countless data breaches of highly sensitive personal data, there’s no longer any doubt that the very information we’ve used to prove our identities online in the past is now a shared secret in the hands of hackers,” comments IBM Security A/NZ CTO Chris Hockings.

 “As consumers are acknowledging the inadequacy of passwords and placing increased priority on security, the time is ripe to adopt more advanced methods that prove identity on multiple levels and can be adapted based on behaviour and risk.”

Overall, security is now more important than the convenience factor – particularly as part of financial applications.

On average, 70% of all respondents rank security as the top priority for banking, investment and budgeting apps. 16% believe privacy is most important and 14% say convenience is most important.

Security also featured as a top priority for email, online marketplaces and workplace applications, however it is not so important for social media applications.

IBM Security says that organisations should recognise these preferences when choosing security solutions. Identity platforms that provide choices for multiple authentication options are able to provide flexibility and security.

The company also says that organisations can balance security and convenience by using risk-based processes that trigger additional security measures in certain situations, such as if an IP, device or location signal abnormal activity.

The 15-minute online survey totalled responses from 3,977 adults across the United States (U.S.), European Union (EU) and Asia-Pacific (APAC) regions, including:

•   APAC: 997 respondents (Australia, India, Singapore)

•   U.S.: 1,976 respondents

•   EU: 1,004 respondents (United Kingdom, France, Italy, Germany, Spain)

Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."