Report: Passwords Not Good Enough for E-Shoppers

The vast majority of consumers who shop on the Web want online companies to do more to verify identities on the Internet, even if it means more work for shoppers, according to a report from Jupiter Media Metrix (Nasdaq: JMXI).

Current systems, which rely heavily on passwords being remembered by shoppers, do not go far enough in providing adequate security. In addition, they are cumbersome for the fast-growing contingent of older Web users and generate a large volume of customer service inquiries, Jupiter found.

“Current password-based online authentication is cumbersome, insecure and unsafe,” Jupiter analyst Rob Leathern said.

Forgotten Passwords

In fact, up to 10 percent of all calls and e-mails to customer service units entail forgotten passwords or usernames, Jupiter found.

This data comes on the heels of a host of possible solutions floated by credit card companies and Internet infrastructure providers. For instance, Visa USA unveiled its “Verified by Visa” password system in December, while IBM and VeriSign announced last month that they will work together to improve e-commerce security for enterprise customers.

Those and other efforts are important, Leathern said, because without new approaches, e-commerce will “not reach its full potential” and the promise of using customer data to provide enhanced services and targeted commerce will go unfulfilled.

Consumers Willing

Jupiter said online shoppers are increasingly willing to register with Web sites by providing personal information. Forty-seven percent of consumers now are comfortable with that approach, compared with 26 percent in 1999.

But venturing online still makes consumers nervous. Just 14 percent of shoppers said they see no need for additional Web security, compared with 24 percent who said offline shopping security is fine the way it is.

In fact, 80 percent of consumers said they would be open to additional authentication measures to make online purchases more secure.

PINs and Needles

The most logical approach, Jupiter said, is for consumers to use an authentication card or another system that is familiar to consumers and is available both on- and offline.

Nearly half of all consumers told Jupiter they would be open to using a personal identification number (PIN), such as those used to access ATM machines. An additional 32 percent said they would be willing to type in a portable password created by their credit card company.

Memory Lapses

Meanwhile, 42 percent of consumers say they are “annoyed” that they must use and remember different passwords for different Web sites. In fact, Jupiter noted, demographic changes that are creating an older Web population make a simpler system more important, since 42 percent of online shoppers over the age of 55 said they find it difficult to remember multiple passwords.

One problem is that many sites do not offer systems to help a visitor remember his or her password. Just 35 percent of online businesses provide such a system, Jupiter said, while 37 percent of companies said more than 10 percent of their customer service inquiries involved password problems.

“Although consumers are much more likely than they once were to register personal information with a Web site, overly cumbersome login requirements will hamper mainstream online commerce,” Leathern said. “Merchants and banks must join forces to increase consumer confidence in the online channel.”