While cumbersome login and identity verification processes cause ‘bad friction’, adaptive technologies can be used to justify ‘good friction’
28 Jan is marked around the world as a day to commemorate data privacy, but it should no longer be anything special.
Every day should be a day to mark the critical importance of protecting, upholding and defending data privacy.
With that said, Richard Marr, General Manager, APAC, Auth0, still has some identity and access management trends and tips to share with readers.
A compliance priority driven by cyber threats
According to Marr, we can expect to see more progress on regulatory guidance around access control, user access management, robust password policy and strong authentication in 2022.
Australia already has its Online Privacy Bill, Critical Infrastructure Bill and Trusted Digital Identity Bill. Other countries in the Asia Pacific region are continually updating their data protection laws as well.
These regulations mandate the need for organizations to safeguard against unauthorized access to their information assets and IT environment. The onus is on organizations and service providers to ensure their users can securely access the correct content at the correct time, while managing the complexity of the number of platforms, devices and user interfaces.
“Organizations now need to force the issue to protect themselves and their customers. Authentication is much more than an email and password combination. One Time Passcodes and biometric security are mainstays of Multi-factor Authentication (MFA), but consumer-facing businesses have often avoided them. The fear is that they add friction to the customer journey,” said Marr.
In his firm’s research, Marr has found that 83% of e-commerce consumers polled had abandoned their cart or sign-up attempt because the login process was too difficult. Consumers want to use digital services, but if the login process is clunky or frustrating, they will take their business elsewhere.
Reduce friction with adaptive technology
Marketers are often apprehensive that cybersecurity will take away from user experience. Striking the right balance between convenience, security, and privacy can be the difference between building trust and frankly telling your customers to go elsewhere.
Marr asserts that, with adaptive technologies, friction from data privacy authentication will no longer be a dirty word. In short:
- Friction is really a spectrum depending on the risk of any given transaction. A consumer may not expect a massive amount of friction when they log into an online subscription account to read the news, and the risk associated with someone pretending to be the user in that context is also relatively low. However, a customer changing his bank details in an app and finding a second layer of authentication missing is going to question the legitimacy of the bank’s security measures. Good friction is friction any user would expect, based on the risk that someone else is logging in to the user’s account without authorization.
- Technology is getting better at allowing organizations to take a more extensible approach to security and user experience that maximizes both aspects. Auth0 research has indicated that APAC organizations polled were twice as likely as their European counterparts to offer customers the ability to use social logins, biometrics, and MFA to gain access to services.
- To introduce friction only when necessary, without impacting the customer experience, there are now ‘adaptive technologies’ designed to add layers of security without unnecessary friction. For example, if a person logs in from Australia and then five minutes later from Singapore, or if someone with a known bad IP address tries to access another person’s account, Adaptive MFA would trigger more verification prompts to force the person to verify that specific digital identity. If a person tries to log on using a password that was stolen in a recent data breach, Breached Password Detection technology will step in to trap the attempt.
- Adaptive technologies such as Adaptive MFA and Breached Password Detection are examples of ‘good friction’. They interrupt the customer journey only when needed, and provide valuable reassurance that a business has a good handle on the security of their users’ accounts.
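The signals named in the list above (two logins too far apart for the elapsed time, a known bad IP address, a breached password) can be combined into a single step-up decision. The sketch below is an added illustration, not Auth0's implementation; the speed threshold, the denylist, the breach corpus, the `Login` type and the allow/step_up/block actions are all assumptions constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional

# All values below are constructed for illustration.
MAX_KMH = 1000.0                      # assumed ceiling, roughly airliner speed
BAD_IPS = {"203.0.113.7"}             # sample denylist (documentation range)
BREACHED = {hashlib.sha256(b"Summer2021!").hexdigest()}  # sample breach corpus

@dataclass
class Login:
    ts: float   # epoch seconds
    lat: float
    lon: float
    ip: str

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(prev: Login, cur: Login) -> bool:
    """True if the implied speed between two logins exceeds MAX_KMH."""
    hours = max(cur.ts - prev.ts, 1.0) / 3600.0   # floor avoids divide-by-zero
    return km_between(prev, cur) / hours > MAX_KMH

def decide(prev: Optional[Login], cur: Login, password: str):
    """Return (action, reasons); action is 'allow', 'step_up' or 'block'."""
    if hashlib.sha256(password.encode()).hexdigest() in BREACHED:
        return "block", ["breached_password"]     # assumed handling of a hit
    reasons = []
    if cur.ip in BAD_IPS:
        reasons.append("bad_ip")
    if prev is not None and impossible_travel(prev, cur):
        reasons.append("impossible_travel")
    return ("step_up" if reasons else "allow"), reasons

if __name__ == "__main__":
    sydney = Login(0, -33.87, 151.21, "198.51.100.10")
    singapore = Login(300, 1.35, 103.82, "198.51.100.20")  # five minutes later
    print(decide(sydney, singapore, "correct horse battery"))
    print(decide(sydney, Login(600, -33.87, 151.21, "203.0.113.7"), "x"))
    print(decide(None, sydney, "Summer2021!"))
```

A login with no risk signal returns `allow` and sees no extra prompt, which is the low-friction path the list describes.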
Organizations that prioritize data privacy with a focus on good friction and a great user experience stand to offer a trustworthy infrastructure and the ability to market themselves to consumers over competitors that lag in this critical digital-era cornerstone.