Light Dark
December 18, 2017 By Larry Loeb 2 min read

A recent study has found that consumers are aware of, and are favorably disposed to, authentication methods that don’t include traditional passwords. Sponsored by Visa and conducted by AYTM Market Research, the survey of 1,000 U.S. consumers revealed that biometric authentication methods top the list of preferred password alternatives.

Smartphones Give Way to Smarter Authentication

The shift to smaller devices such as smartphones likely has a lot to do with this. Authentication methods such as fingerprint, facial and voice recognition are easier to use on the smaller screen space of a mobile device, while the devices themselves now have enough computing power to enable the use of such technology.

Mark Nelsen, senior vice president of risk and authentication products at Visa, told Help Net Security, “Advances in mobile device features are increasing the accuracy and speed of biometrics, such that they can be used for financial transactions. At the same time, consumers are widely familiar and comfortable with using biometrics for more than just unlocking their phones.”

Biometrics can help solve a common problem among users: password reuse. According to the study, consumers’ poor password behavior fits what has generally been known. For instance, less than a third of respondents have a unique password for each of their accounts, which represents a security risk.

The Consumer Demand for Biometric Authentication

The Visa study found that 86 percent of consumers are interested in using biometrics to verify their identity or to make payments. More than 65 percent reported that they are already familiar with employing biometrics.

Respondents had a generally positive view of the technology: 70 percent believe biometrics are easier to use than a password or PIN, and 61 percent believe biometric authentication is faster. Consumers also felt that use of biometric technology was a positive addition to security, with 46 percent of the belief that they are more secure using biometrics than using a password or a PIN.

Fingerprints were the most-used biometric recognition technique by consumers. Thirty percent said they had used it once or twice in the past, while another 35 percent said they use it regularly. In contrast, 32 percent of respondents have used voice recognition in the past, but only 9 percent said they routinely use it to authenticate.

Consumers are loud and clear: They want alternatives to traditional passwords. It’s now up to security professionals to provide them in a manner that is both secure and intuitive.

 |  |  |  |  | 
Larry Loeb
Principal, PBC Enterprises

More from

March 18, 2025

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature