Passwords are definitely necessary, but they can be brutally annoying when you just want to buy a product or check an email. There's no quicker way to kill online momentum than trying to log in to something only to realize you've forgotten your password, or that your ol' reliable isn't working.
A report by Beyond Identity, a cybersecurity company focusing on login credentials like email accounts and passwords, has shown that people have little to no patience when it comes to resetting or thinking of new passwords.
This is a problem for a multitude of reasons – businesses are losing out on sales after people give up their carts once their logins don't work, their email marketing lists are getting clogged up with multiple email accounts belonging to the same people, and the whole process is becoming overall less efficient. So people are looking for a solution to this problem.
What Did the Password Report Say?
This report, conducted by Beyond Identity, indicated that the hassle of resetting a password can lead people to completely lose interest in whatever they're doing. For example, some of the most interesting findings are:
- One in four online shoppers were willing to abandon a cart of $100+ if they had to reset their password to check out, with $162 being the typical threshold for forcing people to reset their password.
- Online banking login credentials were the most forgotten.
- Nearly half of respondents reported having to reset their bill-paying account password at least once a year due to login issues.
- Baby boomers were most likely to use old passwords when resetting account credentials.
There were other findings in the report, but they all lead to a similar conclusion – passwords can be finicky and frustrating, and keeping them in your mind for an extended period of time can be annoying.
It doesn't help that multiple websites will require different elements in passwords. For example, if your password is “hunter2” for a bunch of websites, but a new website requires the inclusion of a punctuation point, you might make it “hunter2!”. Then, months later, when signing in again, you'll probably forget that additional inclusion, leading you to create a new account all together.
“In many instances, consumers are not able to complete the interaction with a product, whether it's transferring money, paying bills, purchasing from gaming sites, or accessing info while traveling. The password is a revenue problem. When customers drop off, you can lose them forever.”
– Jing Gu, senior product marketing manager at Beyond Identity
Solutions to this Password Problem
If so many people are getting turned away from using websites due to not wanting to vary up their passwords, what can we do as a society to encourage proper web security? Well, Beyond Identity itself is looking at a solution to this problem. Just recently, they released a product that allows businesses to set up passwordless authentication methods:
“The tool lets visitors opt in to passwordless authentication by signing up with their username (typically an email address). They are then sent a link; when they click, a public-private key pairing is made and an X.509 certificate gets issued. From then on, when the visitor accesses the site, they can enter their email address and are fully logged on.”
Of course, this comes with its own problems. While it's far easier for people to log into their accounts, it's also far less secure. Considering even the most trivial online accounts (for things like pizza delivery or streaming shows online) can include things like credit card information, people would need to be very cautious about using this method.
“And then consumers will demand passwordless for their most treasured and important online accounts – banking and shopping. Next, they'll want that same convenience and security for their work accounts.” – Jack Poller, Senior Analyst at Enterprise Strategy Group
A lot of cyber security professionals are concerned about this method. Upon reading the report above, companies may begin licking their chops and thinking about how removing passwords can lead to them optimizing sales and limiting the amount of abandoned shopping carts, but if something does go wrong, it will likely be the customer who pays for it.
“What helps account takeovers is true multifactor authentication and the use of password managers, which can help minimize password resets or enable the ability to detect account takeover. While e-commerce sites want to maximize the flow of orders, that priority can’t lead to a security race-to-the-bottom.”
– John Bambenek, Principal Threat Hunter at Netenrich
The Importance of Passwords
While passwords can be a hassle, there's no denying that they're absolutely crucial for anyone looking to keep their online presence safe and secure. And for the foreseeable future, passwords won't be ousted in favor of a new form of online authentication.
So while we make do with written passwords, there is a way to make sure they're as secure as they can be. Password managers are software platforms that allow you to generate and store complex and secure passwords that will ensure that everything is safe and sound.
One of the main reasons people may feel averse to changing old passwords is due to the fact that memorising dozens of passwords for multiple websites is not going to be a fun time, so being able to have a different password for each site, stored in a secure network, means you won't have to memorize them.