Digital Transactions Authoritative, insightful and timely information for payments professionals
Consumer behavior poses just as much of a threat to the proper use of passwords as do the actions of criminals intent on cracking those passwords.
That’s the assessment of a new report from Javelin Strategy & Research, a Pleasanton, Calif.-based consulting firm. The “In Search Of A Better Password Policy” report released this week, finds that of the six major security challenges facing passwords, only half of them are criminal in origin, including data breaches, malware infections and social engineering. The other three are due to consumer behavior, including using the same password across multiple sites, insecure storage, and using easily guessed passwords.
For example, consumers with between one and 10 online accounts have, on average, 0.78 passwords per account, compared with 0.35 passwords for consumers with more than 20 online accounts.
“Passwords are the first line of defense for online accounts, and it is that ubiquity which contributes to their compromise and misuse,” the report states.
Because financial institutions generally have stronger password policies than many non-bank organizations, criminals look for ways to get to consumer funds via other methods, such as using email to reset online financial account passwords or making fraudulent transactions on retailer Web sites.
Javelin’s recommendations include measures to better educate accountholders about secure password creation, mandating forced password updates and adopting two-factor authentication.
Meanwhile, organizations like the Fast Identity Online (FIDO) Alliance have emerged to replace passwords altogether with other authentication technologies. FIDO published its first technical standard earlier this week.
