Two-Thirds of U.S. Consumers Surveyed Use the Same One or Two Passwords for All Web Sites
Although consumers claim to be concerned about security, they have little tolerance for sacrificing convenience to safeguard that security, according to Gartner Inc. Despite widespread security concerns, consumers continue to rely on service providers to protect their safety and persist in using unsafe password management practices, preferring to maintain the status quo rather than exploring new security methods.
In September of 2008, Gartner surveyed approximately 4,000 U.S. online adults regarding consumer Internet security and fraud issues, and ascertained their interest in various ways to manage passwords for online authentications. The results remained consistent with previous years' survey findings that show consumers prefer convenience when it comes to security features. While the data collected focused on the use and management of passwords, Gartner believes that it has implications for consumer-facing Internet sites requiring authentication and for the use of user-centric identity frameworks.
"Two-thirds of U.S. consumers surveyed use the same one or two passwords for all Web sites they access that require authentication," said Gregg Kreizman, research director at Gartner. "Most U.S consumers want to continue managing their passwords the same ways they do now. They don't favor using software or hardware to help manage passwords, and user-centric identity frameworks such as OpenID and information card architectures face scarce consumer demand."
Web site owners seeking to improve authentication are grappling with how to accomplish this task while not turning away customers; as a result, new solutions must be found to balance security and ease of use.
"The survey findings serve to confirm our belief that there is a limited business for identity providers to manage general-purpose consumer identities and passwords to be used to access sites across multiple business contexts, such as financial services, government and healthcare," said Avivah Litan, vice president and distinguished analyst at Gartner. "Instead, it is more likely that these providers will have some success managing identities for limited use on multiple sites within a specific business."
Gartner analysts said providers have a duty to provide a compelling justification for consumers to adopt additional security measures; a change in perception could precipitate an increase in sales.
Mr. Kriezman said that online product and service vendors should redouble their marketing efforts to illustrate the advantages and practicality of routine and stronger authentication for consumers, and should provide appropriate pricing to encourage adopters.
"Enterprises with consumer-facing Web sites that require stronger controls than weak password authentication alone should continue to augment passwords with complementary mechanisms, such as device identification, geolocation and transaction verification," Ms. Litan said.
Additional information is available in the Gartner report "Consumers Don't Want to Change the Ways They Manage Online Passwords." The report is available on Gartner's Web site at http://www.gartner.com/DisplayDocument?ref=g_search&id=867812&subref=simplesearch.
Additional information and practical advice on identity access management will be presented at the Gartner Information Security Summit, taking place from June 28 through July 1 in Washington, D.C. The Gartner Information Security Summit hits the critical spot between strategic planning and tactical advice. Gartner analysts, industry experts and IT security practitioners deliver unbiased, realistic analysis of the current state of information security, as well as an independent vision of how things will evolve over the long term. For complete event details, please visit the Gartner Security & Risk Management Summit Web site. Members of the media can register by contacting Christy Pettey at email@example.com.
Mr. Kreizman and Ms. Litan are also presenting at the Gartner Identity & Access Management Summit 2009, taking place in London on 23-24 March. For complete event details, please visit the Gartner IAM Summit Web site at www.europe.gartner.com/iam. Members of the media can register by contacting Holly Stevens at firstname.lastname@example.org.
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. The company delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to clients in approximately 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 8,300 associates, including more than 1,800 research analysts and consultants, and clients in more than 90 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.