By Nick Caley, Vice President, UK, and Ireland, ForgeRock
We’ve all been there. You try to log in to an online account and you just can’t quite remember what your password was. You think you’ve got most of it, but you’re missing a digit somewhere. Was it a ‘1’ or a ‘£’ at the end? After a few attempts you’re asked if you’ve forgotten it, and you either go through the whole rigmarole of resetting it, or give up.
To try to mitigate this, many of us inevitably reuse the same username and password across different accounts. It’s not always simple – often your favourite password doesn’t quite fit into the format required. “Must be less than 20 characters.” “Must include at least one special character.” So you add a random character to the end. But largely it’s a process of cut and paste or muscle memory. The upshot is that today over 71% of accounts are protected by passwords that are used across multiple accounts.
This is a red carpet for hackers. Stolen passwords are the cause of 80% of data breaches, and if you’re using the same details over and over, once one account is breached it puts the rest of your online accounts at risk.
For businesses, usernames and passwords can be a massive revenue sink. Studies show that almost a third of us who have to go through the recovery process after forgetting their credentials simply give up, and Gartner found that up to 50% of all helpdesk inquiries are password resets.
Usernames and passwords must go. But how else can businesses verify your identity without ruining the customer experience?
Faces, fingerprints, and phones
We’ve already had a taste of the usernames and passwordless future in the smartphones of Apple and Samsung, with pioneering features such as Face ID and the Ultrasonic Fingerprint Scanner.
This is not just important from a technological perspective. Culturally, too, these features have shifted perceptions, normalising the process of verifying your identity (which is what usernames and passwords are for) with a face or fingerprint scan instead.
This is just the beginning, and we’re now entering the next stage of biometric innovation with software-biometrics.
This removes the need for special sensors by instead making use of the high-quality cameras in mobile phones. As a result, you can carry your authentication method across multiple accounts, devices and applications, making the whole process smoother and easier.
Behavioural biometrics are even more exciting. They use your behaviour – scrolling speed and patterns, finger size, keyboard typing – to provide ongoing authentication that runs invisibly in the background.
If implemented correctly, you won’t even be aware that your identity is being verified. This would allow businesses to embrace a more dynamic and continuous form of risk profiling,
The confirmation model or, how I learned to not get in the way
The future isn’t so far off. But businesses can start their journey towards being usernameless and passwordless today by applying a new way of thinking about security: moving from authentication to confirmation.
The confirmation model involves asking whether and when you need to authenticate someone’s identity, and at what level.
In other words, “how important is it for us to know who this person is, and how confident are we that we know who they are?” If a company feels comfortable about who you are, it doesn’t need to get in your way.
For example, when you purchase an inexpensive item online, the seller is primarily concerned that the payment method is valid and approved.
By applying the confirmation model, they could do this by looking at contextual signals, like whether your device and location are expected. This gives them the appropriate level of assurance that you are who you say you are, with virtually no friction.
By implementing a model for judging how critical it is that a user is who they say they are at different times, businesses can provide a smooth user journey that’s more natural, more human.
Of course, with activities and transactions that are more serious, or of higher value, the business needs the ability to adapt in real-time from a contextual, signals based confirmation to strong authentication as required for the balance of experience and security.
Ranking activities like this will ensure the whole process can be trusted on both ends.
ForgeRock: Forging better customer relationships
The frustration of forgetting your username and password – and the cybersecurity problems the process comes with – need afflict us no more. By adopting new technologies and combining confirmation with ‘only when required’ authentication, businesses can improve the customer experience, create more loyal customers, and increase revenue.
In our connected world, customers expect seamless and secure digital experiences as the bare minimum. Those businesses that deliver the cutting edge will be the ones that stand out.
About the Author and company:
Nick Caley is the vice president for ForgeRock in the U.K and Ireland.
ForgeRock®, the leader in digital identity, delivers modern and comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.
Using ForgeRock, more than a thousand global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data – consumable in any cloud or hybrid environment. The company is privately held, and headquartered in San Francisco, California, with offices around the world.
For more information and free downloads, visit www.forgerock.com
More about Irish Tech News and Business Showcase here.
FYI the ROI for you is => Irish Tech News now gets over 1.5 million monthly views, and up to 900k monthly unique visitors, from over 160 countries. We have over 860,000 relevant followers on Twitter on our various accounts & were recently described as Ireland’s leading online tech news site and Ireland’s answer to TechCrunch, so we can offer you a good audience!
Since introducing desktop notifications a short time ago, which notify readers directly in their browser of new articles being published, over 50,000 people have now signed up to receive them ensuring they are instantly kept up to date on all our latest content.
Desktop notifications offer a unique method of serving content directly to verified readers and bypass the issue of content getting lost in people’s crowded news feeds.
Drop us a line if you want to be featured, guest post, suggest a possible interview, or just let us know what you would like to see more of in our future articles. We’re always open to new and interesting suggestions for informative and different articles.
Contact us, by email, twitter or whatever social media works for you and hopefully, we can share your story too and reach our global audience. We are agile, responsive, quick, and talented, we look forward to working with you!
If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at [email protected] or on Twitter: @SimonCocking
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.