
Latest developments in authentication

January 23, 2020

“Please first confirm you are not a robot”

On average, each user has about 100 online accounts (email, social media, and customer accounts), with nearly that many passwords and special characters to remember. What's more, this number is steadily growing by roughly 14% per year, according to a Dashlane study.

This proliferation of accounts and passwords presents problems on multiple levels. First, there's scalability. The more accounts we create, the more passwords we have to remember and the more tedious authentication becomes. This is a major stumbling block when building a smooth and successful customer experience. A full 31% of consumers report that they often leave a site if they have trouble remembering their login information.

Some 85% of online users are not satisfied with authentication processes. Half of those respondents think that authentication takes too long and is not very secure. In light of these numbers, there are alternatives to traditional passwords. Rampant personal data leaks and thefts have made security a priority for both businesses and users, whose expectations are higher than ever. These new login solutions must be as reliable as so-called traditional authentication—or even more so—while offering a smooth, user-friendly customer experience.

Let's take a look at the latest developments in authentication.

Username/password

Recommended password: “ZH./Ei8ù&hFCTvrSPm/keox4fA==”

Everyone knows and trusts traditional authentication, but it is showing signs that it is on the way out. Users find it annoying, and studies have shown that a password is actually not very difficult for a hacker to crack. As security rules become more complex (e.g., one uppercase letter, one lowercase letter, one number, one special character, etc.), remembering passwords becomes even more difficult. Users become more likely to reuse the same password, which presents a real risk for their personal data.

Although this solution is effective, it needs some improvements to be easier to use. First, user authentication would be easier if users were reminded of the password rules or if they were given a more descriptive error message. For example, an error message could indicate whether it is the email address or password that is incorrect; because such a message also confirms which email addresses have an account, it should be paired with rate limiting on login attempts. Second, password security rules have been shown to be quite ineffective, so they could be removed to allow users to choose a password in the format they like and can easily remember. One such format is the passphrase.

Passphrase

This method of identification is very similar to the traditional model, differing only in the password's format. Here, the password is a "phrase" or string of words.

Passphrase authentication is easy to implement because it involves simply removing the security rules and suggesting this solution to the user. It is also more secure. It will be very difficult for a computer to guess a random sequence of words. Yet it will be easier for users to memorize such passwords because they are free to choose a string of words that makes sense to them.

Two-factor authentication

Even though implementing two-factor authentication requires more technology upfront, it boosts the security of the user account considerably, without over-complication.

Once a user is "traditionally" authenticated, they will receive an email or text message containing a link or verification code valid only for a limited time. Users can also be immediately notified if someone attempts to connect to their account.

This is a straightforward solution that is often suggested when increased security is necessary. Ideally, it would be offered to users as an option. Users would then be free to choose the level of security they need.

Social Sign-in

Social Sign-in simply involves users being authenticated through social connectors (Identity Providers), with just one click. Because social media is now part of the daily lives of consumers, this solution is becoming more popular for its convenience, speed, and security.

Social Sign-in targets the pain point of creating an account or logging in—and thus lowers the cart abandonment rate—by meeting user expectations for speed and ease of use.

Passwordless

This highly secure, user-friendly solution requires a little more work for IT teams. Here, rather than receiving a password, the user receives a link or code each time they want to log in. The link is unique and expires within a short period of time, ensuring a high level of security.

Biometric

From fingerprints and retinal scans to voice recognition and facial recognition, biometric authentication is gaining ground. The French regulatory authority CNIL recently authorized nine banks to test voice recognition for authenticating their customers.

Even though this solution requires integrating appropriate technologies, it is an excellent authentication solution that is both easy and secure. If there is one thing we all have on hand at all times that does not require thought and is very difficult to hack, it's our biometric data.

Biometric technology is still in its infancy, but it is clearly on its way to making the customer experience smoother, faster, and more secure.

Connected device

Finally, we are seeing the emergence of authentication by connected device. This method involves securing the connection between two devices and then using one to unlock the other. A familiar example is a car that can be started without having to insert the key, as long as the key is in the immediate vicinity.

This is a highly promising option, especially in the field of connected objects. Lots of medical devices and other connected objects containing personal data are already connected today. Although it may be difficult to be authenticated with each and every use, security is vital. Logging in through a connected device can make this experience smooth and even invisible.

We are in the midst of an authentication revolution, moving toward a simple, fast, and smooth user experience. The best authentication is completely invisible. Yet we still have a long way to go, with the majority of sites continuing to use the username-password system with complicated and restrictive security rules.

The time is now to move to simpler, more user-friendly solutions, which are swiftly becoming a key success factor for brands seeking to lower their cart abandonment rates and increase their ROI.

 
