It’s Time to Demand Better from Authentication Vendors
Chief Revenue Officer, HYPR
I’ve spent the last 15 years in the cybersecurity industry in customer-focused roles, from the start of my career in the Identity industry, when RSA was the gold standard in two-factor authentication, to my current role running all field operations and global go-to-market strategy at HYPR.
After a short break from Identity and Access Management I invested 8 years in Endpoint Security. This journey took me from pioneering endpoint isolation at Bromium to the rise of network isolation at FireGlass, with both companies being purchased by big-box security vendors. Now, after close to a decade in the Isolation space, I’m really enjoying the return to my roots in driving forward the evolution of passwordless authentication. Back in the IAM industry I now have a newfound appreciation for what I learned having experienced recent disruption in endpoint security.
Despite various great technologies being successful at stopping malware, it was widely known across the industry that if an endpoint product impacted the end-user experience, it was deemed unsuccessful as customer adoption would inevitably stall. Having seen this firsthand (more often than I would have wanted) has allowed me to understand that when it comes to end-user adoption – usability always takes precedence over security. No matter how secure your product is, one thing is for certain…
A security product which fails to deliver an experience users will love will also fail to gain adoption.
This is most apparent in the authentication space. Enterprises are well aware that passwords are the weakest and most outdated component of their identity stack. We read this in trade publications and in the frequently cited annual Verizon security report, which shows that 81% of breaches are caused by lost or stolen passwords. Everyone knows passwords are bad. This is obvious.
Far less obvious, however, is the fact that a large majority of businesses and their users still rely on passwords. In fact, most have yet to enforce the use of complex passwords and still use the traditional 6-to-8 character requirement. It gets worse. According to the 2019 Internet Trends Report, 2-FA adoption has actually stalled globally. And despite an industry-wide push towards zero-trust philosophy and strict regulatory requirements such as NYDFS and PSD2, most organizations don’t even have multi-factor authentication at the desktop.
Why are businesses so reluctant to do the obvious and move beyond passwords? Because of a flawed user experience. The complexity and inconsistency introduced by most MFA products has led to user experience fragmentation that has all but halted its adoption.
Multi-factor authentication must be FASTER than a password in order to succeed. Your users do not want 15 different ways to log into their desktops.
Your users want one consistent way to log in to everything. Simple as that. Your customers and employees will not adopt a slower and more complicated login experience. When I see vendors adding more steps to the login experience I can’t help but think it’s no surprise the password is still around. Why would any user replace passwords with an MFA product that adds more steps to their login process? They wouldn’t. What users really desire is a single, consistent, fast and easy way to log into their mobile, web, and desktop accounts. Now with the growing urgency for Passwordless Desktop MFA, the need for speed is more critical than ever before.
Businesses must prioritize user experience if they expect multi-factor authentication to be adopted. An MFA product must make login experiences easier and more streamlined. It should reduce the number of steps and it needs to log users in faster than before you deployed it. Most importantly it must remove clicks from the login experience and reduce the user’s overall thought process.
Want to demand a better experience? Ask your MFA provider these questions:
1. How much faster did your product make our logins?
2. Can we test it side by side with a competitor’s product?
3. Exactly how many clicks, taps and keystrokes did you add or remove from our current authentication experience?
If there’s one thing I’ve learned from the Endpoint industry –
…It’s that companies might buy a product, but that doesn’t mean their end-users will adopt it.
It’s time for us to demand better usability from the authentication industry. To reverse the stalling of MFA adoption these products need to be designed with the end-user in mind. I want to see passwordless MFA deployed at every Desktop, every web account, and every mobile application. This goal is well within reach but can only be achieved if the vendors prioritize usability and invest in people who are experts in UX and design and who demonstrate a maniacal focus on improving the customer experience. Only once we acknowledge the importance of these usability factors and demand better from the vendors who provide them will we finally eliminate passwords.