<
Based on survey results, we segmented users into three categories based on their membership in social networks like LinkedIn, Plaxo, FaceBook and Twitter. With tongue firmly planted in cheek, we called users who belonged to just one (or zero) social networks Wallflowers. These represented about 45% of our sample population. A second segment, whom we called Friendlies (39%), belonged to two or three social networks. Those gregarious gladhanders who joined four or more social networks (15%) earned the label Gadflies.
Few options for managing account overload
The results of our survey confirmed our hypothesis. Users do indeed expect to take their PC-based online experiences with them on their mobile phones. But they face challenges keeping their accounts secure.
Users expect to take their Web experiences with them on their phone. Sizable majorities of respondents expect that in 2012, they will check e-mail with mobile phones (90%), share photos (77%), use a “real” HTML browser as opposed to WAP (77%), send instant messages in addition to SMS (69%), and conduct online banking (62%). These attitudes were similar across all demographics we analyzed.
Users struggle with managing their account passwords. In our survey, we found that users maintain 33 online accounts on average. Of these, about 16 are considered “sensitive,” meaning they would be problematic if compromised because they contain credit-card data, 401k details or employment information. Strategies for managing passwords for online accounts are not encouraging. About 29% of respondents keep their passwords the same across all accounts; 15% write their passwords down on paper. One-fifth (22%) use no particular strategy. A trifling 11% report using a form-filler/randomized password generator.
Users are willing to share basic information about themselves, but not much more. Most users are comfortable sharing their name and e-mail address with selected parties they trust (89% and 88%, respectively). However, even when they control how their own information is released (“opt-in”), few respondents are willing to share their nationality, current location and calendar free/busy time with others. Finances are the touchiest subject: only one respondent – out of 250 – was willing to share bank account or credit-card details.
Employers and financial institutions are the most trusted custodians of users’ personal information. Users trust their employers most to safely manage their personal information, and score them 3.6 on a 5-point scale, where 5 means “trust without reservation.” Banks and credit-card issuers follow, scoring 3.48 and 3.25 respectively. Mobile-phone operators score 2.9, above “only if compelled” and below “only after demonstrating safe custody.” Surprisingly, security vendors like Symantec and McAfee score slightly worse (2.68). Social-networking sites come in last (1.93).
Mobile operators don’t get credit for protecting personal information. Many carriers state unequivocally that they will not share customers’ personal information, under any circumstances. But their diligent efforts aren’t appreciated: respondents who work for wireless carriers rate themselves 3.22 on the “most trusted” scale – but everyone else rates them a half-point lower, at 2.71.
Lack of trust and tools
The data from our survey shows that users expect tomorrow’s mobile Internet experience to replicate much of today’s desktop experience, but that identity management will become a significant problem. We think this is for three reasons.
Lack of trust and transparency causes customers to limit the information they share. Users trust familiar vendors whose practices are transparent, and distrust unfamiliar ones. Smart mobile devices don’t have the right tools to help users manage identities. Passwords are insecure and hard to manage. Handset makers seem content to replicate the same broken system on mobile phones, too. That is a shame, because smart mobile phones have two security properties PCs can’t match: an out-of-band communications channel (SMS) and protected cryptographic storage (SIM). They also have enough processing power to work with privacy-preserving systems like SAML and Microsoft Corp.’s CardSpace. But other than by a few banks, these security features have been under-used by enterprises, merchants and carriers.
Some users want to share more information, but can’t. Heavy social networkers – the Gadflies – are almost twice as likely to share age, nationality and location information with parties they trust as do Wallflowers.
Path to ‘anywhere me’ goes through the mobile phone
As the mobile Internet becomes a reality, it will pull identity issues along with it. Users will take their identities – user names and passwords, personal attributes, location – with them on their phones. Vendors can significantly ease user pain by working together:
–Banks and credit-card issuers should consider offering identity services to customers. The high level of trust users place in financial institutions makes them well placed to function as custodians of customers’ personal information. Customers already trust their financial institutions for centralized bill-payment and card-replacement services. Identity management is a natural next step.
–Mobile operators should add identity management features to give users more control. Wallflowers won’t volunteer information about themselves, but Gadflies will. Carriers should add interfaces that allow users to share information if they choose. They should also create open standards that would allow customers to easily authenticate to Web sites using their mobile phones via SMS or SIM card.
Security-software vendors should ally themselves with trusted parties, rather than compete with them. The poor showing of identity management and security-software vendors suggests that they would be better off co-branding their efforts with well-known banks, card issuers and destination Web sites.]]
>
