Why Do We Annoy Our Users With Passwords?

Do users like passwords? Considering all the trouble with cookies, social login and single sign-on, one gets a strong feeling that this question is easy to answer, and the answer is NO. This has been discussed for a long time. We know that a great many weak passwords are in use, and yet we keep asking our users to log in with a username and password, very often. So, to answer the big question, let's approach it from the other side. Knowing that our users hate them, why do we, the service providers of this world, still need passwords?

Again the answer appears obvious: we need them for security. But if we focus on our clients rather than on the technical aspects, we may find that what passwords protect isn't really our service. It is the data our users have entrusted to us. To protect that data we take on the cost of running, inside our services, every process that comes with passwords: user enrolment, forgotten or lost credentials, password resets, and the whole user experience around them. Passwords are simply a low-cost, scalable way of doing this.

Cost vs. Experience

Sticking to customer experience: what is presented to me, as a user, after I type in my username and password feels private. It belongs to me, or it has been tailored for my convenience. As always, there is some risk that someone will find a way to get their hands on my property. We as service providers shouldn't overreact to this, though. The strength of the security control we apply must match the risk it addresses. Extremely long passwords, multi-factor and risk-based authentication don't fit the risk profile of most everyday businesses, so their cost isn't justified there.

Users want to feel secure with their data, and we want that data to make our service better: present relevant content and allow faster purchases. We need a golden rule here, a reasonable balance between usability, cost and security. In my opinion social login is at least a step in the right direction. It takes the burden of filling in forms and maintaining many logins and passwords off our users, and it takes all the processes mentioned above out of our scope. Social login gives us user information that is more likely to be up to date, a verified e-mail address, and a considerable level of security, with all the sophisticated control mechanisms the most popular providers have already implemented. If trusting a social login provider is hard for you, remember that even banks now offer their services in this field. In my opinion it's a very reasonable thing for them to do: they hold very precise data on their customers, they had to build very secure client-facing portals, and they want to monetise that investment.

The Grass Isn't Always Greener On The Other Side

The only thing I find problematic about social login is that it doesn't sound super easy. Your service must be designed to consume federated claims: assertions about the user that come from the identity provider rather than from your own database, which your service has to validate before it trusts them. If this doesn't sound familiar to you (unlike username and password), I am fairly sure your developers and help-desk staff will still love it. At least much more than forever streamlining all the password-related processes mentioned above.
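The "proven e-mail address" and the other federated claims are only as trustworthy as the checks your service performs on the token the provider hands back. The following is an added example, not code from the original post or from any particular provider: a minimal ID-token validator in Python that does the checks a relying party has to do before believing a claim. The issuer URL, client id and shared secret are hypothetical; for self-containment the token is signed with HS256 and a shared secret, whereas real social login providers sign with RS256 and publish their keys on a JWKS endpoint, so the signature step would use those keys instead. The claim checks are the same either way.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical values: the real issuer URL comes from the provider's discovery
# document and the client id from registering your application with it.
EXPECTED_ISSUER = "https://idp.example.com"
EXPECTED_AUDIENCE = "my-client-id"
SHARED_SECRET = b"demo-secret-for-hs256-only"  # stands in for the provider's signing key

NOW = 1_700_000_000  # fixed clock so the example is reproducible
# Constructed claims, shaped like an OpenID Connect ID token payload.
GOOD_CLAIMS = {
    "iss": EXPECTED_ISSUER,
    "aud": EXPECTED_AUDIENCE,
    "sub": "1234567890",
    "iat": NOW,
    "exp": NOW + 300,
    "nonce": "n-1",
    "email": "alice@example.com",
    "email_verified": True,
}


def _b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a constructed test token; plays the role of the provider's response."""
    header_b64 = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload_b64 = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"


def tamper_payload(token: str, claims: dict) -> str:
    """Swap the payload without re-signing, as an attacker without the key would."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{_b64url_encode(json.dumps(claims).encode())}.{sig_b64}"


def verify_id_token(token: str, secret: bytes, now=None, expected_nonce=None) -> dict:
    """Return the token's claims, or raise ValueError. Signature first, then claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token tell you how to verify it ('none', alg swaps).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")  # a valid token for another app
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    if expected_nonce is not None and claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")  # replayed from another login attempt
    if not claims.get("sub"):
        raise ValueError("missing subject")
    # Without email_verified the address is just text the user typed at the provider.
    if claims.get("email") and claims.get("email_verified") is not True:
        raise ValueError("e-mail not verified by provider")
    return claims


def account_key(claims: dict) -> str:
    """Link local accounts on (issuer, subject), which is stable; e-mail addresses change hands."""
    return f"{claims['iss']}|{claims['sub']}"


def check(token: str, now: int = NOW, expected_nonce: str = "n-1") -> str:
    """Convenience wrapper returning 'ok' or the reason the token was rejected."""
    try:
        verify_id_token(token, SHARED_SECRET, now=now, expected_nonce=expected_nonce)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    good = make_token(GOOD_CLAIMS, SHARED_SECRET)
    print(check(good), account_key(verify_id_token(good, SHARED_SECRET, now=NOW)))
    print(check(tamper_payload(good, dict(GOOD_CLAIMS, sub="999"))))
    print(check(make_token(dict(GOOD_CLAIMS, aud="other-client"), SHARED_SECRET)))
    print(check(make_token(dict(GOOD_CLAIMS, email_verified=False), SHARED_SECRET)))
```

The two checks most often skipped in practice are the audience and the e-mail verification flag. A token that verifies correctly but was issued to a different client id is still a valid token, just not for you, and an unverified e-mail address must not be used to attach the login to an existing local account.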

Coming back to the main question: I think that, first of all, users like to feel safe. Passwords are an old but still cost-effective way of giving them that feeling. Users don't necessarily like passwords; rather, they are used to them. Most of all we want users to like our services, and I am sure they will appreciate it when we keep making them easier to use.

Marcin Lewak

IT Security Consultant at Atos Consulting CH
I am an accomplished Identity and Access Management systems architect and integration specialist with a wealth of technical and commercial skills, acquired across a wide range of demanding roles in delivering, supporting, designing and selling security solutions.
