LoginRadius, a leading cloud-based customer identity and access management platform, has released a white paper that identifies common password issues and the password-less solutions that enterprises use to successfully improve customer experience (CX).
The white paper further outlines the challenges of username/password authentication, consumer trends in creating and managing passwords, secure and streamlined authentication methods, and the benefits of password-less authentication.
Why Passwords Fail
Password complexity is weak
FAIL: Passwords may meet complexity, yet still be considered weak because of password dictionaries
Passwords aren't unique
FAIL: People reuse passwords and newly leaked dictionaries contain previously leaked passwords
Passwords follow patterns
FAIL: In most cases, the top 100 patterns will crack the majority of passwords in an organization
Password cracking is easy
FAIL: With available hardware resources, it can take seconds to crack open most passwords
Top 3 Password Hall of Shamers
59% reuse their passwords everywhere – at home and at work.
87% of millennials reuse passwords, despite knowing better.
Over 70% of employees reuse passwords at work for all their work apps.
Customer and Business Pain Points
Issue 1 - The Easy vs Secure Conundrum
Customers want fast, easy access to every site or app they use. Yet, 90% of internet users have data privacy concerns. If customers aren't given secure, yet easy login and sign-up access, they'll take matters into their own hands. They'll create vulnerable passwords that jeopardise digital infrastructure and their private data.
Issue 2 - Interrupted Customer Journey
· One-third of online shopping is abandoned due to forgotten passwords. It is also a threat to the health of your business.
· A recent study shows that 18.75% of cart abandonment occurs during password resets.
This indicates that even when consumers are committed to buying something online, delays make people reconsider purchasing. For this reason, smart enterprises will want to eliminate any obstacles in the conversion process.
Issue 3 - Too Many Passwords
Password fatigue happens due to several online interactions like:
• Bill viewing or payment for telephone/cable/utilities
• Reviewing or paying for health/medical services
• Inquiring about government services
• Using software/apps for work
• Engaging with social media
• Making online purchases
• Managing your banking/finances
• Signing up or into educational portals
• Contributing to chat forums, review sites, etc.
Issue 4 - Weak Passwords
A dangerous side-effect of password forgetfulness is the use of easily guessable (aka hackable) passwords. A weak password not only puts consumer data at risk—it puts the companies that hold this data at risk, too. Some extra authentication methods may include a notification email sent to the user or administrator.
Customer Access Solutions
An authentication method is called password-less when no password is being stored. Instead, your customers gain access to your website or app through an access code or link that you send to their phone or email.
One of the most popular password-less methods in use today is One Time Password (OTP). A no-password solution means better security and no-hassle sign-ins.
In the past few years, biometric authentication has become quite common and includes:
Fingerprint: Using TouchID, users authenticate in real-time by scanning their thumbprint on a mobile device that is matched to an image on file.
Facial Recognition: FaceID allows a user to authenticate in real-time by taking a selfie that is then compared to an image on file.
Voice Authentication: This technology analyses a customer's voice for unique characteristics, then matches that to a voiceprint on file.
Gesture Biometrics: Another futuristic password-less method being used today is called gesture biometrics. According to BioCatch, the software company that provides the Royal Bank of Scotland with this functionality, this system can detect imposters with 99% accuracy.
Bring Your Own Identity (BYOI)
CIAM software allows you to connect your app or website to a 3rd-party provider that your customer uses. This way, your customers can sign in to your app or website using their existing credentials instead of creating a new password. One example is Sign In with Apple.
Therefore, anyone who uses Apple will never have to remember a password when connecting to integrated 3rd-party apps. In addition, users can hide their emails, allowing for greater privacy and security.
A common example of BYOI is social login, where a customer may use Facebook or other social platforms to access a website or app.
Multi-Factor and Risk-based Authentication
Instead of asking people what they know (passwords), many enterprises are using authentication methods based on what people have—their smartphones. The common term for this is SMS-based authentication.
With these criteria, you can create a Risk Profile that recognises out-of-character customer actions.
Deepak Gupta, Chief Technology Officer & Co-Founder, LoginRadius, says, “As technology pervades our lives, the need to remember passwords has grown considerably. Weak passwords and poorly managed login methods have become a pain point for both enterprises and customers, with severe security repercussions. In recent years, customers have got a big wakeup call about the value of their personal data and risks associated with it. We at LoginRadius are helping businesses inspire customer confidence and prepare for a password-less future with our solutions while complying with data privacy regulations.”
Judging by the numbers alone, chances are that many of your customers may be putting your business at risk due to bad password practices. That's perhaps the strongest reason why password-less authentication is preferred by consumers and enterprises alike. A customer identity and access management solution can provide password-less, yet secure authentication options for your customers.
While passwords might not be entirely ghosted yet, the majority of consumers agree: they need secure, simple, and seamless sign-ins across all devices. For businesses who fail to use password-less technology, this can be the death knell. That's why smart enterprises aren't waiting for a password-less future—they're preparing for it now.