It’s hard to believe, but the security of your customer’s account is at risk when an entirely different, and unrelated, enterprise to which your customer subscribes is hacked.
How is this possible? Is your customer’s information vulnerable because both your enterprise and the hacked enterprise use the same software stack for security? Or because both enterprises use popular networking hardware whose latest update inadvertently created an exploitable flaw? These are certainly possible reasons, but they are so unlikely as to be safely ignored. The real reason is actually pretty simple.
Your customer’s information is vulnerable because users intensely dislike creating and remembering strong passwords. Essentially, they suffer from password fatigue. To cope, they create weak passwords and reuse the same password across accounts.
A 2012 study by Janrain surveyed 2,208 adults in the US and found that 58% have five or more unique passwords, and 30% of the respondents had 10 or more unique passwords. So, are five to ten passwords enough? Actually no, that’s not nearly enough.
A 2013 Technology, Media, and Telecom (TMT) report by Deloitte found that the average user has 26 password-protected accounts. In an interesting corroboration of the earlier Janrain finding that users typically have five unique passwords, the TMT report also finds that those 26 accounts are accessible through merely five unique passwords.
But maybe that’s not such bad news: can five strong passwords be sufficient? Unfortunately, the difficult combination of entering lengthy and elaborate passwords on a mobile device and the limits of reliable human memory means the five unique passwords are likely to be weak. A report by George A. Miller of Harvard University explains how human memory is limited and flawed when confronted by large, abstract sequences of data.
Why does the user’s password discipline matter to your enterprise? It matters because when users have to track too many logins and passwords, they resort to a single password for multiple accounts. Even if they don’t use exactly the same password, it’s probably not too hard to figure out their strategy for changing the password at each site.
Changing the user’s habits is not an effective option. Authentication through biometric measurements, on the other hand, can help. Samsung Pass provides many significant benefits for implementing biometric authentication, including the following:
Samsung Pass combines the biometric authentication that is built into certain Samsung devices with the underpinnings of the famously secure Samsung Knox™ platform to protect the device and provide the device user with security and peace of mind.
See the Samsung Knox web site for a thorough description of Knox and the ARM® TrustZone®.
Once a user opts to use biometric authentication with a Samsung Pass enabled app and the user’s identity is successfully authenticated by Samsung Pass, the user only needs to repeat the biometric measurement for all future logins with that Samsung Pass enabled app. Biometric scans are quick and convenient, which also improves the user’s satisfaction with the app.