By Richard Marr
The dramatic shift online for work, life and everything in between has put the spotlight on the management of digital identity. The mobile or desktop user interface, and more specifically, the login screen, is now most likely a customer’s first interaction with a business or service provider.
Passwords have been used since the advent of online transactions to verify someone’s identity by checking if they possess the knowledge required (i.e., a password) to access something. But are passwords enough as more of our digital identities are shared online?
Every time a consumer signs up for a website, they are likely to be asked to create a username and password. Because this is such a common process now, it’s become almost second nature for some users to set up their accounts without much thought about the credentials they choose.
In fact, new research from identity management experts Auth0 shows that almost nine in ten consumers in APAC reuse passwords.
Consumer frustrations with login experiences lead to password reuse
According to the APAC consumers surveyed, when using a new website or online service, the main frustrations are creating a password that has to meet certain requirements (53%), entering private information such as a passport number, tax file number, medical card number, etc. (52%) and having to fill in long login or sign-up forms (50%).
This frustration leads to 89% of APAC consumers reusing passwords for more than one account – and more than half (51%) admitted to doing so frequently. And it’s not just in the region. Across the world, password reuse is still alive and well, with nearly nine in ten consumers (88%) admitting to the practice.
And unfortunately, there’s a lot at stake if a user chooses weak credentials. The continued explosion of data and traffic online means greater vulnerabilities and risk of cyber fraud. As the digitisation of activities continues to grow, attacks, too, are growing in complexity and sophistication. For businesses and consumers of these new technologies, the emphasis on security is critical.
Consumers deserve safe and convenient alternatives to passwords
It’s hardly surprising that the research found consumers frustrated with the standard password and username method of authentication. As humans, we aren’t suited to remembering long, complex alphanumeric combinations, and we need easier, faster and more secure forms of authentication. It’s partly because of this that we’re seeing a rise in successful cybercrime.
For many of us, the password hygiene message simply hasn’t yet sunk in deeper than the frustrations we feel. This means our personal data, often across multiple platforms and accounts, could be at risk. As consumers, we need to take stock of our apps and online accounts and carve out time to download a password manager across our devices and develop strong, unique passwords.
Dr. Catarina Katzer, a leading cyber psychologist, shared with Auth0, “The majority of online users are now well aware that there are security problems with using the same username and password combination to register for multiple services. But we try to suppress that psychologically in the brain. The more extensive a registration process appears, the less inclined we are to go through with it. Convenience and simplicity play a major role here, which means we need to rethink security [in a way that doesn’t compromise the customer experience].”
Customer experience matters when it comes to security
For businesses, the login functionality has a huge impact on CX and cybersecurity, and it is vital to get it right.
Building modern authentication goes beyond usernames and passwords. Customer Identity and Access Management (CIAM) provides a framework for managing identity and enabling the right individuals to access the right resources at the right times for the right reasons.
Some solutions can offer security without the friction that leads to user frustration:
- Using social media logins is one way to spare your customers from needing to remember another email/password combo, in turn making your service easier and more appealing. A big plus is that these social providers have some of the world’s most sophisticated security teams working in your corner, with all eyes on them from a compliance perspective.
- Unique SMS or email codes, also known as One Time Passwords (OTPs), are another way to eliminate the need for recall. OTPs are quick and highly effective for low-frequency yet important accounts, creating a much better experience and heightening security at the same time.
- Biometrics such as fingerprint scanning and facial recognition, which many will be familiar with via their smartphones, are also on the rise and offer a frictionless and secure experience for the end-user.
For businesses in APAC, our research points to persistent challenges in meeting customer expectations when it comes to security and user experience. As we continue this trajectory to digitisation, we need to see technology adapt to humans, not the other way around. Passwords will inevitably make way for alternatives that are driven by the adoption of the WebAuthn standard, but businesses need to prepare for that transition now.
About the Author:
Richard Marr is General Manager, APAC at Auth0, the identity platform for development teams. Richard has extensive experience with cloud-native, SaaS services and business leadership in the APJ region. He has a proven track record of building high performance teams to support organisations in building, running and securing modern applications both on-premise and in the cloud.