We then chase down the rabbit-hole of re-writing a memorable word or phrase with digits, punctuation, upper and lowercase letters and – I kid you not – in some situations, emojis. I once heard the continued use of passwords described as a secret conspiracy launched by 3M to sell more Post-its.
Not only is this process aggravating, and not only does it make a system less secure, but the added complexity and frequency of change make remembering your password drastically more difficult. For the user, a forgotten password is simply a source of friction and frustration – for the company and its IT support staff, it is a source of cost. An estimated 20 to 50 percent of all help requests concern password resets. Forrester Research estimates that each reset can cost a company around $70.
Unfortunately, the password problem can’t be solved by a single company. Because passwords are required to be complex, users tend to take a single complicated password and reuse it across multiple sites and services. This allows a malicious actor to crack one password and then use it across the universe of accounts and services that the user has. All of that personal information, all of a company’s proprietary information stored in a user account, banking and financial information – all unlocked by the same password that was guarding Fantasy Football scores.
User friction and frustration generate another problem. As a user browses a website, filling their cart with goods and products, they become more and more committed to a purchase. When it comes time to go through check-out, the user has to produce an account. They have to log in with a username and password and input credit card numbers and delivery addresses. First-time users expect this experience and tend to stick with it to completion – however, repeat visitors who have forgotten their password tend to abandon their cart. The frustration associated with passwords causes a loss in revenue and a loss in repeat customers.
Fortunately, a solution is afoot. Usernames and passwords are designed to prove to a service that a customer is who they say they are. They rely on a shared secret to authenticate the user. Authentication is a combination of a Claim and a Calculation. I claim my identity. The service calculates that only I would know the secret I had shared with them earlier so there is a high probability of me being me. Fortunately, shared secrets are not the only way to authenticate someone.
Multifactor authentication is the process by which identity is established by providing two of the following three things: (1) something only I would have, (2) something only I am, (3) something only I know. By leveraging multifactor authentication, the world can finally move off usernames and passwords.
Nok Nok Labs is an expert in this field and is prepared to help your company navigate to a higher level of security with less waste and more fidelity. Our S3 Authentication Suite technology powers multifactor authentication through proven public-private key cryptography based on the protocol invented by Nok Nok Labs and popularized by the FIDO (Fast IDentity Online) Alliance. This protocol allows a company to deploy strong authentication to its users and can drive better security, better user experience, decreased costs and improved revenue.
For more information on how your company can cut down on IT waste and enact multifactor authentication, read our newest whitepaper, “Strong Authentication: It is Time to Act.”