Service Provider Cloud

Users Value Security Over Convenience – Finally

Security pros may be finally winning the fight to get users to value security over convenience.

Users' willingness to sacrifice security for convenience has been a long-time frustration for security professionals, but that seems to be changing. Users now rate security as more important than convenience, according to a recent IBM Corp. (NYSE: IBM) study: IBM Security: Future of Identity Study.

Security was particularly important for financial applications, while convenience was still a little bit more important for users of social media applications, according to the report.

Biometric and two-factor authentication are increasingly becoming more popular than traditional passwords, particularly among millennials. These younger ones were more likely to use those types of authentication technology, while older adults practiced better password hygiene, IBM says.

IBM surveyed nearly 4,000 adults worldwide. The study found that biometrics are becoming mainstream, with 67% of respondents comfortable using biometric authentication today. Further, 87% say they'll be comfortable with these technologies in the near future.

IBM Bangalore
IBM Bangalore

You're invited to attend Light Reading's Big Communications Event  – the one event that delivers fresh perspective on the rapid transformation of the telecom industry and the road ahead. We'll see you May 14-16 in Austin – communications service providers get in free!

Millennials, in particular, are comfortable with biometrics; 75% of respondents between the ages of 20 and 36 are comfortable with biometrics. And they're more likely to be careless about passwords: Fewer than half are using complex passwords, and 41% reuse passwords. Older users are more careful about passwords, but they are less likely to use biometrics and multifactor authentication, IBM says.

"Generational differences that emerged from the survey results showed that younger adults are putting less care into traditional password hygiene but are more likely to layer access with multifactor authentication, use biometrics for speed and convenience, and use password managers to secure their accounts," according to a report signed by Limor Kessem, IBM executive security advisor. "This could be an indication that younger generations have less confidence in passwords to begin with, thus looking to alternative methods to secure their accounts."

Companies that fail to secure data will pay a penalty with millennials, who are more likely to delete an account held by a breached service provider and move to a competing provider, IBM says.

Security beats convenience in all categories of apps, but particularly those where money is at stake: Banking, investing, budgeting, online marketplace and workplace, as well as email. The one exception in the IBM study was social media, where convenience still had a narrow edge over security and privacy. Users are still not awake to the vast and potentially dangerous amount of information about them held by social media platforms, IBM says.

How do users prioritize security, privacy and convenience for different types of applications? Source: IBM.
How do users prioritize security, privacy and convenience for different types of applications? Source: IBM.

IBM has advice for companies looking to do business with the new generation of more security-conscious users: adopt flexible identity platforms that let users choose between multiple authentication options. And businesses should also take risk-based approaches that balance security and convenience appropriate to the critical nature of the data being accessed.

The shift to security over convenience is a big change from a 2008 Gartner study, which found just the opposite. At that time, respondents said they used the same one or two passwords across online services, and they weren't interested in changing their methods to achieve greater security, Gartner said.

Security vs. convenience is a false choice, notes Cory Doctorow, blogger, technology activist and science fiction writer. It's "extremely inconvenient" to have "your identity stolen or your email published on the web or your baby monitor turned into a spycam," Doctorow writes. It's easier in the long run to exercise good security at the outset "than remediating the damage done from a security breach down the line."

User security is particularly important for cloud applications, which are frequently connected to one another and to on-premises applications, meaning that an attacker breaking into a single account on a single application can leverage that access to attack an entire enterprise. Also, while traditional applications require access to the enterprise's physical premises or WAN, pubic cloud applications are available all over the world, vastly increasing the attack surface. (See Cisco: Attackers 'Weaponize' Cloud Services.

Companies are lagging behind users in prioritizing security; businesses still prioritize expedience over security, at least in mobile, according to a recent Verizon study. (See Verizon Mobility Security Index Shows Enterprises Not Doing Enough.)

IBM published an infographic summing up its findings: The Future of Identity.

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News

Page 1 / 2   >   >>
kq4ym 3/14/2018 | 2:45:15 PM
Re: I am dubious. Surveys are sometimes pretty biased even if not intentionally so. Without lots of experience and some testing, it's not usual that the sureys we come across are not measuring what the provider thinks is being asked. Time for the psychologist or social scientists to come in and make valid surveys for important matters.
Joe Stanganelli 3/9/2018 | 1:41:11 AM
Re: I am dubious. @mhh: Depends on the context and who's doing the reading.

I remember filling out a VERY lengthy survey after a far less than satisfactory stay at a particular hotel on a business trip. Lots of free-form essay answers. I expected to get some sort of apology. Nope. Nothing. It was like no one ever read it. My time was wasted, and I have limited my business with that hotel chain since.

But for free-form essay responses for public-facing reviews, like on eBay or Yelp or what-have-you, I find these quite helpful -- far more than the actual star/whatever ratings. I skim these for common threads and issues to determine if the issues others have noted are issues I would have a problem with personally.
mhhfive 3/8/2018 | 5:47:49 PM
Re: I am dubious. I think that's exactly why there's been a rise in popularity of just "thumbs up" .. and if they're lucky, "thumbs down" for simply ratings. 

Even free form text boxes can be useless.. I haven't used eBay in a while.... do users still say things like "A+++ would buy again" or whatever useless reviews were commonly posted many many years ago? 
Joe Stanganelli 3/8/2018 | 3:32:10 PM
Re: I am dubious. @mhh: The main problem of the 5-point scale, although much smaller, is that it allows for a neutral middle ground in the form of the 3rd selection.

The most useful and the most actionable data from surveys comes from not allowing people to hedge with a middle-ground option -- using a four-point scale instead, with highly specific/extreme language. Instead of, say, "Perfect/Excellent/Good/Fair/Poor" or whatever, customers really have to think about their more middling experiences to determine if they feel more positively or negatively about them.
mhhfive 3/6/2018 | 2:22:50 PM
Re: I am dubious. > "Survey questions that ask you to rate something subjectively on a scale of ten- or eleven-point scale."

Even the "5-star" scale is pretty useless, even though it's pretty much everywhere. I think Youtube stopped using a "star review" system a few years ago -- and just went for "Thumbs up" or "Thumbs down" ratings to make things easier for everyone. 
Michelle 2/28/2018 | 3:05:10 PM
Re: I am dubious. Ugh, I've seen some of those poorly worded surveys. They are terrible and they are designed with bias (though it doesn't always seem to be on purpose, still bad).
Joe Stanganelli 2/27/2018 | 10:42:34 PM
Re: I am dubious. @Michelle: Worse, we ask questions poorly -- in ways that are designed to maximize the chances of inaccuracy.

Classic example: Survey questions that ask you to rate something subjectively on a scale of ten- or eleven-point scale.

This problem has even persisted in IT, in threat assessment. This is why DREAD was revised to a three-point scale from its original ten-point scale. As Microsoft's David LeBlanc observed years ago, "what's the difference between discoverability of six and seven? Who the heck knows? I don't."
Michelle 2/27/2018 | 1:22:43 PM
Re: I am dubious. Indeed. Humans are generally messy and error prone. We're also pretty bad at self-awareness. This creates a lot of bad data, naturally.
Joe Stanganelli 2/26/2018 | 9:43:23 PM
Re: I am dubious. @Michelle: And we're not even talking about how we want others to perceive us. Sometimes, we answer survey questions with answers that we ourselves wish were true, or were once true, or that we hope to make come true -- instead of what the actual, ugly truth is.
Joe Stanganelli 2/26/2018 | 9:42:20 PM
Re: locked @kq4ym: For my own part, my approach is more a matter of libertarian practicality. Passwords, fundamentally, are supposed to be kept private. Your biometric features -- and especially your face -- are far from private.
Page 1 / 2   >   >>
Sign In