© 2022 CX LavenderPolicies
4 minute read
It must be a mix of uppercase and lowercase letters, numbers and special characters. It must not include names or words that can be found in the dictionary. It must be hard to guess but easy enough for you to remember. And above all, it must never be written down.
These are the rules that give me a headache every time I’m asked to set up a password for something. And with more of our lives moving online, we’re being asked to create more and more passwords... and remember them. But isn’t the concept of passwords flawed, considering that for a password to be difficult enough for a hacker to guess, it also has to be difficult for me to remember?
I am more of a visual person. Remembering names is hard enough, remembering all the different passwords to my various accounts seems like an impossible feat. But I was happy to learn that I’m not alone in my struggle. A recent study found that 78% of people will have reset their password to a personal account in the last 90 days1.
Remembering one password isn’t the problem, remembering dozens of them is. The passwords I enter daily like those for my laptop, phone and bank account are constantly being reinforced in my memory. But those I only enter once a month, or a handful of times a year, like passwords to online shopping accounts, I can never remember when I need them. Our brains can only hold so much information, and if I’m not using these passwords frequently enough, they’re replaced with other priorities like work deadlines or remembering to buy more nappies on the way home. Reusing the same password for multiple platforms isn’t really an option either, since it creates a big security risk.
When online shopping, I regularly find myself abandoning my cart during the checkout stage because I get frustrated trying to remember my customer account login. A joint study conducted by MasterCard and the University of Oxford revealed that a third of customers are lost at checkout because they can’t remember their passwords, and 18% of cart abandonment is due to password reset issues2. With 40% of ecommerce transactions being impulse purchases, any interruption to the transaction gives a customer the chance to question whether they really need that third pair of white sneakers. For businesses, it’s responsible for millions of dollars in lost revenue.
Online shopping is more competitive than ever these days. The last thing your business wants is for your customers to shop at one of your rival stores purely because they can’t remember their password to their account with you, and can’t be bothered resetting it.
But while passwords are the source of so much frustration, they are becoming more and more important as online security attacks increase.
“The last thing your business wants is for your customers to shop at one of your rival stores purely because they can’t remember their password…and can’t be bothered resetting it.”
Instead of forcing customers to use a complicated password, businesses need to start offering alternatives that make life easier for customers.
Already many companies are offering access to password managers. This software stores all the user’s passwords in an encrypted format, only accessible with a master password. It provides strong security without asking the user to remember a million different variations.
Another alternative for those who are not comfortable with password managers, are Knowledge Based Authentications (KBA). These verify the user’s identity by asking them a personal question – such as their mother’s maiden name or their first pet’s name. Although easier to remember, the answers to these can be found by hackers.
The best solution for businesses is to consider integrating biometric technology, like fingerprint and facial recognition, into their platforms. It’s already used on smart phones and other personal electronic devices, and has been readily adopted by security-conscious businesses like banks for use in their mobile banking applications. It’s not only extremely hard to recreate, which provides higher security than traditional passwords, it’s also simpler and quicker for the user. Win-win.
With more and more of our lives moving online, the expectation for users to remember multiple passwords for their different accounts is unreasonable. The move towards a single system that allows users to verify their identity quickly and safely everywhere, seems inevitable. While biometric recognition technology is a large financial investment, if businesses want to keep up, investing could become a necessity.