New Ponemon Study shows that reliance on Usernames and Passwords inhibits Online Business

Customer Impact results in Inconvenience and Insecurity as current Authentication drives frustration and subsequent lost revenue and trust
Media Contact: 

Tom Rice
Merritt Group, Inc.

Apr 17, 2013

Palo Alto, Calif., April 17, 2013–The Ponemon Institute, an independent research center dedicated to privacy, data protection and information security policy, today released the findings of a new study, “Moving Beyond Passwords: Consumer Attitudes on Online Authentication” Sponsored by Nok Nok Labs. The study takes a deep dive into consumer perceptions around how organizations are securing their access, and what they would consider to be the ideal steps and technologies used to ensure that their personal information is protected.  

“This study shows the challenge presented by our continued dependence on the troubled password,” explained Phillip Dunkelberger, CEO, Nok Nok Labs. “Not only are breaches increasing because of password re-use across different web services, but this failure and insecurity is reducing consumer confidence when doing business online. It’s time we evolved our thinking about how businesses authenticate their customers.”

The study includes results from more than 1,900 consumers between the ages of 18 and 65-years-old in the United States, United Kingdom and Germany. Key findings include: 

  • Failed authentication thwarts online business. Approximately 50 percent of respondents were “very frequently” or “frequently” unable to perform an online transaction such as buying a product or obtaining a service because of an authentication failure on the website.
  • Most authentication failures happen because of the use of usernames and passwords. The majority of authentication failures happen because of forgotten passwords, usernames or a response to a knowledge-based question (such as a mother’s maiden name). Less than 50 percent of respondents said authentication failures occur because of glitches or inaccuracies within website systems or identity verification procedures.
  • Many consumers favor a single identity credential for a variety of authentication purposes. The majority of consumers (60 percent) would use a multi-purpose identity credential to verify who they are before providing secure access to data, systems and physical locations. The benefits of a multi-purpose identity credential are convenience (US & UK consumers) and security (German consumers).
  • Most respondents are comfortable with using biometrics. The majority of respondents believe it is acceptable for a trusted organization such as their bank, credit card company, health care provider, telecom, email provider or governmental organization to use factors such as voice or fingerprints to verify their identity.
  • Financial institutions provide the best online validation. According to respondents, the top five organizations that have the most secure authentication (in order of best to worst): banking institutions, credit card and Internet payment providers, social media, retailers, and Internet service providers.

“It comes as no surprise that we continue to see an increase in dissatisfaction from consumers when it comes to traditional authentication schemes involving usernames and passwords,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “The good news is that there is a new sense of willingness to try emerging technologies and more complex identity verification systems to fix this broken system.”

To see the Executive Summary of the Report, please visit:

For the Full Report, please visit:

For more information, be sure to join the Ponemon Institute and Nok Nok Labs, for an informational webinar on May 1st 2013. Details here: 

Time: 08:00 PST / 11:00 EST


About the Ponemon Institute 

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit

About Nok Nok Labs 

Nok Nok Labs, Inc., based in Palo Alto, CA, was founded to transform online authentication for modern computing. The company is backed by a team of security industry veterans from PGP, Netscape, PayPal & Phoenix, and have deep experience in building Internet scale security protocols and products.  The company’s ambition is to enable end-to-end trust across the web using authentication methods that are natural to end-users and provide strong proof of identity.  For more information, visit