Consumers Accept Device Fingerprinting, Study Finds — InformationWeek.
Much as I’d like to say that consumers aren’t so much against “working for” strong authentication as they are at recognizing that KBA isn’t actually providing any security, at least the results are the same. KBA is being rejected. KBA doesn’t protect against even phishing and is just another set of hard to remember and manage passwords.
I still contend that users will definitely work for and even pay for strong authentication if they believe it is effective and if they believe what they are protecting has value to them. Why should I worry about my credit card being compromised when I know my liability is limited to $50 or some such manageable number. Heck, my credit card has been stolen a couple times via physical POS situations and it has never cost me any out of pocket money and at worst a couple minutes on the phone with my credit card company. Of course, it does cost me something as the losses to merchants and banks end up reflected back to me in increased fees, rates, etc., but all that disappears into the great “cost of doing business” economic effect.
Which then brings up the question as to why financial institutions, merchants, etc. aren’t looking to reduce their costs and increase their margins by offering strong authentication to:
- Give themselves a competitive edge over their competitors on margin
- Give themselves a competitive edge in customer loyalty by taking better care of their customers
- Offer price breaks and other incentives for customers that use offered strong authentication mechanisms
One of the online communities I spend time in has actually begun to self-regulate itself along the lines of those that use strong authentication and those that don’t. Want to participate with a group in that community? You have to use strong authentication offered in the context of that community. You don’t have to, but if you don’t you are precluded from interactions with the “better elements” of that community.
Just something to consider.
