Is it time to say “goodbye” to usernames & passwords?
The year 2020 will undoubtedly be looked back on as the year that digitization took a giant step forwards — not because it was the natural order of things, but because circumstances conspired to make it so. The touchpoint for many brands stopped being a young, smiling receptionist or gatekeeper; instead, it became a login screen.
Ever since the early days of the internet, registering and logging into online services has presented an impediment to the customer experience (CX). And for the organization behind the login screen, it’s security that is of concern. Authenticating online creates a clash between CX and cybersecurity, with the compromise position between the two still a difficult balance to maintain.
In today’s competitive marketplace, where an alternative is available with just another centimeter of scrolling down a Google search results page, a “good” customer experience just doesn’t make the grade. And because touchpoints are now often online, issues like forgotten usernames and passwords are certainly not uncommon. Everyone knows too well the rigmarole of the different stages of a password reset or a username reminder: a trail of failed attempts, re-entering information, waiting for an email, going through spam folders, hitting “Get Mail” ten times a minute. It’s during those tired processes that many customers think, “Maybe I will scroll an extra centimeter down the Google search return page.”
A fine example of this is an energy company. Most users don’t log in often, perhaps just to pay or check a bill once every few months. The chances of remembering a complex password are slim, so the password reminder/reset is an annoying part of a process that should be much simpler and not cause the friction and annoyance it usually does.
Additionally, consumers are often advised by government-backed organizations that switching providers is a positive step one can take, both for ease and for cost savings. So, the dichotomy of security and ease-of-use is especially relevant.
As the world transitions to an all-digital stance, the chances of a security breach in an organization become higher, primarily down to the fact that many consumers re-use their credentials for every site they visit and every service they make use of. Once a minor provider gets hacked (say, the credentials used for a gym membership scheme), then all that user’s services are open to infiltration: banks, savings, insurance, passport office, tax office, and so on.
The nature of a digital-first economy is that people have to go online, and in many cases, people are ill-equipped to cope and cannot or will not protect themselves.
Moving away from passwords
The digital login is an intrinsic part of the online experience, yet it has a significant impact on CX (customer experience) and cybersecurity. Getting the balance right can take a large investment.
One way around this resource-drain is the use of social media logins. As well as limiting the number of credentials end-users need to remember, their presence on a login page can make a service more appealing. And behind the scenes, some of the world’s biggest and best-equipped security teams are ensuring that the processes remain secure and compliant with government regulations worldwide.
There are also unique SMS codes or emails — one-time passwords (OTP) for a second authentication factor. OTPs are perfect for when low-frequency access is all that’s required, such as in the aforementioned energy company example.
On today’s mobile phones, biometrics such as facial recognition, PIN codes or fingerprints can also be leveraged. These are frictionless and are unsurprisingly on the rise for many online apps and services.
What does each of these methods of authentication have in common? They all address the twin aims of a better customer experience and the increased need for security in this increasingly digital world.
The sad truth is that companies rarely get emails or Tweets from grateful customers that say, “That login experience was painless and secure!” But when it isn’t, customers will be quick to raise an issue (often raising the issue noisily, too!), or worse: switch to the competitor that lay just a centimeter lower down the Google page.
Is this the end of usernames and passwords? Perhaps not quite yet. There are still many examples of where that age-old combination remains the most robust solution. But the side-effects online of the Covid-19 crisis have put the writing on the wall for the username/password duo. Brands need to respond to what consumers find easiest and balance that with what’s safest, and providers like Auth0 can help any company wanting to get the balance spot on.