Reliance On Outdated Usernames And Passwords Is Slowing Digital Progress

Despite the fact that we’re more connected than ever, and doing more online than ever, the login experience is remarkably and consistently … old school.

Think of the legal pads you use, or post-its, to jot down those usernames and passwords. The (slightly) more tech savvy among us might use excel spreadsheets to keep track of it all. But no doubt you’re experiencing what might be likened to “password creep” or sprawl. Keeping track of it all is a challenge.

“We’re going to have to start thinking differently about login and authentication and thinking differently begins with designing systems differently,” Phillip Dunkelberger, CEO of Nok Nok, told Karen Webster.

The conversation came against the backdrop where we are all connected. And about 29 percent of us are “superconnected,” with six (or more) devices in hand. Sixty percent of millennials and more than half of high-income earners have increased their use of online and mobile payments. Superconnected consumers (consumers who have six or more connected devices) are convenience-focused, and their increasing adoption of digital banking highlights their comfort with digital tools.

But even as we wield more devices, accessing and using them should be made a bit easier. Authentication, he said, needs a radical overhaul in the connected economy.

“We haven’t gotten to the promised land yet. And I think the journey there is going to take some time,” said Dunkelberger.

Begin With The Infrastructure 

Start first, then, with the tech, the infrastructure, itself.

“The broad user base needs a better way to access information and data,” he said. “They need to do it securely and cost effectively,” and the password represents a stumbling block.

In short, the login needs to be user-centric, which means that that firms need to examine their infrastructure if they want to serve the younger consumers — the millennials and Generation Z consumers that are the future of commerce (and the connected economy).

Do it wrong, and the impact can be disastrous. As Dunkelberger noted, if firms are not careful in selecting their new systems and interfaces, they will lose customers for a variety of reasons, many of which they’ll never know about.

To avoid those frictions, to bring a truly seamless, connected experience that at the very beginning (that would be the point initially turning on and interacting with the device) is seamless too, Dunkelberger pointed to the need to reimagine various design points.

With different pieces of hardware, he said — the mobile phone, the speaker, even the car — embedding the internet and embedding payments all require a revamp of the front- and back-end functions. Up until recently, he said, the tech world has a long history of designing things from an “IT perspective” that looks at the user — the last mile, so to speak — as the very last thing to consider.

Read more: Metal Credit Cards Take On New Role As Virtual Ignition Keys To A Password-less World

And in designing those last-mile experiences, he said, the IT teams tend to default to usernames and passwords because those features have been around a long time. Users know how to use them, and they’re comfortable with them (indeed, data show that 75 percent of consumers say they still use passwords and traditional login processes to access that most sensitive trove of data — their bank accounts).

Dunkelberger noted that firms such as Nok Nok have endeavored to build that new architecture, though it takes time to roll out and it takes time (and a lot of effort) to get standards bodies to agree. He pointed to the FIDO standards, that took more than a decade to shape, and where the challenge now is to integrate the protocol into different operating systems to enable different use cases.

The ultimate goal, of course, the grail, so to speak is one where, as the Nok Nok executive described it, “I can log in the same way on my PC or my laptop or my tablet, or my phone, or a kiosk, or my car. Any of those superconnected devices will have a very common, easy user interface that doesn’t involve usernames and passwords anymore.”

That superconnectivity will give rise to one connected ecosystem, entered through one digital front door. Along the way, he said, regulators will have to take a sharper look at data control and privacy, giving users some control of what’s shared and what’s not, and to whom they entrust that data (which is a key feature of the FIDO protocol, he said).

Uneven Uptake 

Thus far, the embrace of passwordless protocols has been more fervent in countries and regions outside the U.S.

In Nok Nok’s own experience, he said, installations and initiatives using biometrics gained quick traction in Asia, and we’ve only just recently begun to see similar gains in the U.S.

With those initial deployments in Asia, he said, the initial consumer enthusiasm was widespread as consumers used their phones to log in, with biometrics and transact across any number of use settings. But there was a bit of (technical) divide, he said, in that there was no seamless way to connect the biometrics to the backed or payment systems — that problem has since been solved he said, without requiring “rip and replace” activities.

With the full integrations and interoperability in place between the front-end and back-end systems, he said, it’s imperative to start broadening efforts to educate consumers about the availability and benefits of biometrics.

Moving The Needle On Education  

It might be a heavy lift, at least at first.

As Dunkelberger noted, despite only a minority of consumers expressing a clear preference for password-based login, adoption rates for secure passwordless authentication are relatively low. Fewer than one-quarter of consumers use any type of biometric tools such as fingerprints (22 percent), face scans (18 percent) or voice recognition (4 percent). QR codes have seen the highest adoption rate during the past year.

Large providers, he said, especially in the U.S., have been slow to provide passwordless/biometric options. In some cases, too, the fault lies with the devices themselves, as one’s smartphone can prove inconsistent in recognizing a user’s face — which means you are then defaulting to the PIN … which in turn reinforces the same old, same old authentication behaviors.

The tailwind will come if the providers are able to demonstrate value to the users — showing that the service can indeed improve, that data are safer. For the providers themselves, it’s important to make them realize that FIDO protocols and a password-less future will reduce call-ins to their contact centers, that operating and even staffing costs can be trimmed a bit.

As he stated, “When you call the call center, I don’t ask you for your mother’s maiden name anymore. I just say, ‘Hey, Phil, nice to see you. Glad you’re on. I saw you’ve been working on our self-help site for 20 minutes. Let me fix that problem for you.’ OK. That’s a way different experience than being on hold for an hour.” There’s a positive ripple effect across an alliterative value chain: authentication, authorization and accounting.

That means combining IDs and authentication at the very beginning of the consumer journey, he said.

We have made authentication the “redheaded stepchild of identity,” said Dunkelberger, and as he said, if a consumer cannot authenticate themselves, they cannot identify themselves. Having a seamless sequence of “fail-safe procedures in place to get that authentication in place could solve a range of poor consumer experiences,” he said.

Picture, then, the user whose face is not “registering” on their device — they can be prompted to use a voice-activated method as an authenticator; simply uttering a phrase like “Pay with PayPal” can help the transaction proceed accordingly, rather than having to abandon a full shopping cart.

Looking ahead, the milestones of success in moving toward a passwordless existence will be marked by how many devices can support passwordless authentication by using protocols baked in at the end point — he predicted 3 billion to 5 billion devices enabled by the middle of next year.

As the Nok Nok executive told Webster, the overarching philosophy that will get us toward a truly connected economy will be “Let’s build it better. Let’s do what technology is supposed to be good at — enable people to satisfy preference for anything other than username and password.”