German consumers want the greatest possible security and convenience when they are online. At the same time, they are surprisingly reticent about using new technologies that rely on biometric features instead of passwords when logging in – although these are precisely the answer to this desire. Correspondingly, only 29 per cent feel better secured in their online activities when they log in using face ID. This was one of the findings from Nevis’ recent study of German consumers. The study also provides valuable information on the areas where consumers need to catch up in terms of IT security, for example in the authentication methods they use.
In this representative study, Nevis, working together with the online market research institute mo'web research, surveyed 1,000 German consumers aged 14 and over. The study shows that the majority of consumers are aware that their personal data is exposed to considerable security risks when using sites on the World Wide Web – whether these are e-commerce, online banking or health services. It is also apparent that, despite this, users often behave contrary to this awareness.
It is worth noting, for example, that 14 per cent of those affected by a cyberattack say they have not changed how they manage their passwords or how they protect their accounts. Of the users who do take extra security measures, most of them (66 per cent) rely on the use of more complex passwords and 58 per cent on many different, complex passwords for different accounts.
In other words, these measures are preferred over two-factor authentication, which is only used by 41 per cent. This is despite the fact that this type of authentication is more secure than relying solely on a password for identification. After all, two-factor authentication uses two features to verify the identity of a user. These could be biometric data such as a Face ID or a fingerprint scan. If even more additional forms of identification are used, such as geolocation or the device ID of the smartphone, this is referred to as multi-factor authentication – which ensures even more security.
Those who have experienced problems are more ready to change their behaviour
Another result of the study is that logging in as easily as possible is a priority for 51 per cent. They give this the highest possible score of 9 or 10 on a scale of 1 to 10. However, one factor that proves to be error-prone in many login situations and thus causes frustration rather than comfort is the password itself. Consumers often even cancel purchase transactions because they have difficulties with password management.
But anyone who now expected that consumers would welcome apps that do not require a password but still offer a high level of security when logging in to online banking, for example, is mistaken. More than two-thirds of the study participants would not download such an app. One thing that is interesting, however, is that of those who changed their behaviour in terms of password security after a hacker attack, 52 per cent would be prepared to use such an app. Clearly, then, people who have already been victimised by online criminals are more open to new and secure technologies. On the other hand, the majority of users do not seem to be sufficiently aware of the threats posed by leaked or hacked passwords.
Face ID still too unknown for authentication?
As far as the acceptance of passwordless authentication methods is concerned, the study participants were specifically asked about their attitude towards face ID as a login option. This uses the individual facial features of the user as biometric identification features. The chance of an unauthorised person being able to use someone else’s face ID is one in a million. Therefore, this method is considered a very strong authentication option. It is often used as a second security factor in addition to the password or the device as part of a two-factor authentication process. Nevertheless, the study participants are sceptical about face ID. It is not just that very few people feel more secure when logging in using this method, more than a third even reject it outright and a large number (37 per cent) are undecided.
Considering the widespread desire for simpler login methods, this result is surprising. One reason for this may be that users still know too little about the advantages of Face ID. For companies, however, this circumstance offers several opportunities at once: if they can manage to make clear how uncomplicated and secure passwordless authentication via Face ID is, they will score points with their customers because they are responding to their customers’ need for convenience. At the same time, this sets them apart from competitors who still rely on the complicated, classic password-based login. And last but not least, a passwordless login app also means increased security for the companies themselves: They make hacked user accounts due to easily cracked passwords a thing of the past.
By the way: Nevis has added the most important results of this consumer study to another one for which 500 IT decision-makers were surveyed on the topic of IT and login security in the new “Security Barometer 2021”.