PYMNTS-MonitorEdge-May-2024

Users’ Habits Weaken Password Managers, Opening Door for Advanced ID Tools

Password managers were a good start in getting users to tighten their internet security, but ultimately, consumers’ behavioral habits may instead have set the stage for other solutions to thrive.

Consumers had seemed to be coming around to the fraud-fighting benefits of password security solutions as password managers gained millions of new users in recent years. The latest LastPass breach, which echoed a similar event in 2015, could not have come at a worse time for this sector’s growth, as alternative fraud-fighting tools are coming to market and beginning to gain favor.

LastPass is not solely to blame for this development, however, as poor user habits plaguing traditional password authentication can carry over to manager misuse and help lead to identity theft. One example of these poor user habits is having a manager’s master password mirror the passwords of external, more vulnerable, accounts. This and other types of lax security hygiene, such as clicking on phishing links, are a key cause of the rising number of identity and fraud incidents that occur each year. Issues such as these are problems password managers can’t solve.

A next evolution in authentication that may more effectively stand up to today’s fraudsters and other bad actors is advanced ID technology, a blanket term that includes tools such as voice recognition, keyboard logging, liveness detection and biometrics. These tools tend to rely less on memory (what a consumer knows) and more on what they can reliably do (use their voice, touch their fingerprint to a sensor, type as they always have). This next step in fraud-fighting is particularly necessary in the eCommerce space, where effective digital authentication methods are essential to a seamless consumer experience, especially for new customers.

The good news for businesses considering bolstering their authentication systems to include advanced tools is that, as noted in the latest “Digital Identity Tracker,” a PYMNTS and Prove collaboration, consumers who have used variants of this technology have demonstrated that they are very or extremely interested in using these verification techniques again. Data has shown that 57% who have used these technologies are highly interested in doing so again; only those who have not used these tools (or are unsure if they have used them) are likely to have no or negligible interest, at 61%.

Interest levels in using advanced ID verification technologies

Advanced ID tech has been touted recently for its promise in finding the right balance between security and customer convenience. This is especially important for merchants and financial institutions considering the implementation of these innovations, as friction can make or break checkout and other transactions such as bill pay. Some of the most-cited consumer pain points when it comes to this friction was concern about keeping track of login credentials by 31% of respondents, worries about username and password memorization by 25% of respondents as well as the 21% of consumers who carry doubts about browser safety when it comes to credential storing.

Along with these concerns, nearly half of consumers take issue with waiting a long time during the identification processes, indicating customer preference for reduced friction along the transactional journey. Advanced ID tech may solve some of these common consumer pain points, including removing the need for users to memorize authentication credentials.

Identity theft grows more insidious daily as routine activities shift online and consumers grow increasingly digitally connected. While the sophisticated methods used by hackers may be surpassing password managers’ capabilities (or the capabilities of those using password managers), it is good news for consumers and businesses overall that there are perhaps more effective technologies becoming widely available. After all, while the coming year is still wide open and holds few certainties, that fraudsters are readying financial crimes is almost surely one of them.

PYMNTS-MonitorEdge-May-2024