Whether shopping online, using work technology, or accessing lifestyle apps, most of us have clicked on the ‘Forgotten your password’ link in frustration. Having to reset passwords is infuriating and, according to a report, wastes the average person over 12 minutes every week – an incredible 11 hours every year.
And yet so many transactions undertaken by valued customers require exactly that - to memorise and enter passwords to make purchases or to access their accounts. Which is why it’s particularly interesting to know about the solution suggested by FBI security adviser (and former master of identity fraud) Frank Abagnale.
Famous for impersonating a pilot, doctor and lawyer, as dramatized in the film and Broadway show Catch Me If You Can, Frank is spearheading the campaign to strengthen personal security by putting an end to password use, something he and Ori Eisen - founder of Trusona, the leader in passwordless two-factor authentication ventures - are passionate about.
What’s the alternative?
Attempts have already been made to move away from passwords: two-factor authentication (2FA), which utilizes SMS, one-time passcodes (OTPs) and hardware tokens, has been one attempt to improve identity security. However, this isn’t without its problems: 2FA can be clunky to use and can still leave organisations and individuals vulnerable to breaches.
Frank believes the answer lies in next-generation authentication, which combines mobile devices and their built-in biometric sensors (i.e. fingerprint or face recognition) with security hardware: possession of a device, where that possession can be confirmed by means of a SIM card or encrypted token.
“This achieves enhanced security while making authentication fast and simple: there’s nothing to create, remember, type/mis-type or maintain,” Frank explains. “Also, because there are no passwords, there’s nothing to phish or obtain through malware key logging so the customer is no longer unwittingly giving away user credentials.”
The other protection that next-generation authentication offers is against network sniffing. Sniffing tools have become increasingly sophisticated and can sometimes even crack encrypted credentials. By storing and exchanging a pair of public/private keys on the phone and going truly passwordless, no credentials are transmitted, which eliminates the risk of network sniffing attacks.
The higher level of security protects more than that particular log-in. Because many people use the same password for many of their accounts, it also prevents their security being compromised across several accounts, and protects them against ‘credential stuffing’, where hackers test sets of credentials against different web sites.
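The key-pair login described above can be sketched as a challenge-response exchange. This is an added example, not code from Trusona or Pay360: it assumes an Ed25519 key pair generated on the phone with only the public key registered at the server, and the names `enrollDevice`, `AuthServer` and `signChallenge` are hypothetical. It shows that the values a network sniffer could capture (challenge and signature) cannot be replayed to log in again.

```javascript
// Added illustration; all names here are hypothetical, not a vendor API.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Enrollment: the key pair is created on the phone; only the public key is sent out.
function enrollDevice() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Server side: stores public keys and issues random, single-use challenges.
class AuthServer {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  issueChallenge(user) {
    const challenge = randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyResponse(user, signature) {
    const challenge = this.pending.get(user);
    const key = this.publicKeys.get(user);
    if (!challenge || !key) return false;
    this.pending.delete(user); // a challenge is accepted at most once
    return verify(null, challenge, key, signature);
  }
}

// Phone side: signs the challenge (the local biometric unlock is not modelled).
function signChallenge(privateKey, challenge) {
  return sign(null, challenge, privateKey);
}

function demo() {
  const server = new AuthServer();
  const phone = enrollDevice();
  server.register('alice', phone.publicKeyPem);

  const c1 = server.issueChallenge('alice');
  const s1 = signChallenge(phone.privateKey, c1); // c1 and s1 are all a sniffer sees
  const firstLogin = server.verifyResponse('alice', s1);

  // Replaying the captured signature: first with no open challenge, then against a new one.
  const replayNoChallenge = server.verifyResponse('alice', s1);
  server.issueChallenge('alice');
  const replayNewChallenge = server.verifyResponse('alice', s1);
  return { firstLogin, replayNoChallenge, replayNewChallenge };
}
```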
Attracting customers with a better experience
Up until recently, customers were largely happy to pay or transact the way required by the vendor, even if it wasn’t the most convenient method for them. Increasingly, however, there’s been a cultural shift where customer preference has risen in importance and, in the many markets where there is considerable competition to attract customers, user experience matters more and more.
Smoother checkouts, which speed up the process whilst ensuring the customer has absolute confidence in the security of their payment, are likely to become more and more relevant to businesses looking to secure the advantage in their sector or industry.
Rather than offering a convoluted payment journey which requires a series of clicks and password recall for the customer, businesses could gain the competitive edge by moving away from password use to offer a more positive experience. Not only could this help with attracting customers to transact with them once again, but it could also support the development of their reputation for excellent customer service. We all know of brands who have achieved, and benefitted from, this coveted status in areas of customer care.
It’s certainly food for thought: Frank believes that the next few years will see the extinction of passwords and this is backed up by Gartner, who estimate that by 2022, 60% of large and global enterprises and 90% of midsize enterprises (MSEs) will be using passwordless methods of authentication.
A future without passwords is one I believe many of us would embrace and, if merchants start to embrace the more modern, secure and user-friendly alternatives, I know that I, for one, certainly won’t miss racking my brains each time I log in or make a payment.
Frank Abagnale and Ori Eisen were speaking at a thought leadership event hosted by Pay360 in London – read our blog to find out more about the insights shared on the day.