Online businesses are losing potential customers and substantial amounts of revenue because they’re dependent on traditional password systems and outdated customer authentication models, says a report released Tuesday by an access and identity management company.
Lost customers and revenues are caused by password sharing and friction created at websites by onerous authentication procedures, according to the report by Transmit Security derived from a survey of 600 U.S-based consumers 18 to 54 years old.
The survey found that half of the responding consumers admitted sharing a password to at least one of their accounts; and 41 percent acknowledged they share their passwords often.
“There are obvious losses of revenue from password sharing for subscription services, but there is a secondary impact on data collection,” observed Saryu Nayyar, CEO of Gurucul, a threat intelligence company in El Segundo, Calif.
“When multiple users are sharing an account, it dilutes the data and makes it less valuable,” she told bluehillco.
The report explained that if accounts are being shared by multiple users, service providers are less likely to accurately monitor usage and are unable to correctly personalize their offerings. Therefore, their user experiences can’t be personalized to meet the expectations of their users.
Service providers can’t give their customers what they want because they are unable to see clear user activity, it continued. This inability directly impacts potential revenue.
There are security concerns for a business, too.
“If you’re sharing passwords, it’s difficult for the business to understand who they’re talking to or doing business with,” explained Mike Reinhart, seniordirector of product marketing at Nok Nok Labs, an authentication solutions company in Palo Alto, Calif.
“It makes it difficult to identify if someone is a true authorized user or somebody who has compromised the credentials,” he told bluehillco.
Given that 65 percent of users reuse the same password across multipleaccounts, the report noted, once users share that one password with someone else they are essentially handing over access to multiple accounts they own.
It also maintained that traditional password systems are having a negative impact on the shopping experience of many consumers.
The survey revealed that 55 percent of consumers stop using a website because the login process is too complex.
Nearly nine out of 10 consumers (87.5 percent) told surveyors they’d been locked out of an online account after too many failed login attempts.
Worse yet, the study found that 92 percent of users leave a website instead of recovering or resetting their login credentials.
Horrible Customer Experience
According to the report, password problems for consumers begin long before they’re locked out of their accounts.
Data gathered for the survey shows that two-thirds of users (66 percent) will leave a website if the registration process is too complex, and nearly as many (64.5 percent) will abandon a site if they are asked to create a username and login.
“The number of consumers getting blocked from their online accounts because of poor password experiences is staggering,” Transmit Security CEO and Cofounder Mickey Boodaei said in a statement.
“Customers are dropping out of transaction processes — or failing to use a site at all — due to overly complicated, and oftentimes error-ridden password systems,” he continued. “These horrible customer experiences are costing businesses an unimaginable amount of money, not to mention the revenue that’s lost due to password sharing between consumers.”
Passwords have always been a sore point with consumers, but the situation seems to have gotten worse in recent times.
“It’s gotten worse because of the number of digital applications and the number of devices using those applications,” Reinhart maintained.
“Passwords slow things down,” he said. “People have to remember hundreds of passwords. On average, a person will have 80 to 90 apps on their phone, each with their own password, which is why people reuse them, and they’re easily hacked.”
Boodaei added that websites are adding to consumer password woes. “Websites are also putting more restrictions on password selection, making it harder for users to come up with passwords they can remember,” he told bluehillco.
Cart Abandonment Contributor
Consumers want a frictionless, fast and easy online experience, Boodaei continued.
“Passwords are proving to be an obsolete method that introduces much friction into the buying process,” he said.
“In fact,” he noted, “passwords are one of the leading reasons for cart abandonment.” He cited a March 2019 report by Mastercard that found one-third of online transactions are abandoned at checkout due to forgotten passwords.
In fairness to passwords, though, they aren’t the only security measures adding friction to shopping experiences online.
“2FA and Captcha are indeed a source for dissatisfaction, as they add stress to the login and sign-up processes,” Boodaei said.
“Many users find solving Captcha challenges hard and Captcha techniques are becoming less convenient,” he continued.
“2FA requires users to wait for text messages and copy codes, which is a stressful process that also adds a significant amount of time to the login process,” he added.
Despite the incessant criticism of passwords, they seem to be remarkably resilient.
“Eliminating passwords is a grand goal but it’s still a distant one at this stage,” observed David Stewart, CEO of Edinburgh, UK-based Approov, which performs binary-level dynamic analysis of software.
“A more pragmatic approach is to reduce abuse of passwords which are leaked to ensure that those passwords are only ever used alongside a second independent factor,” he told bluehillco.
“2FA is one example of that, but it is an approach that carries with it considerable friction for the consumer,” he continued. “Other approaches make use of second factors ‘under the hood’, delivering strong security but without troubling the user.”
“So, we should focus on replacing passwords in the long term while in the short term consider how to ensure they are not abused at scale,” he added.
Rob Shavell, CEO and cofounder of Abine, a password management software maker, maintained that announcing the end of the password era because they’re being replaced with more technically advanced ways to access and authenticate users is very, very premature.
“Typically, it’s companies that are profiting from new ways to go beyond passwords that are announcing that passwords are dead and everyone needs to move to FIDO, face ID and other kinds of authentication,” he told bluehillco.
“The industry has had decades to come up with a better solution than usernames and passwords, and they haven’t done it in a way that has been widely adopted,” he said. “You have to ask yourself, why?”