
3 Security Checks Every Company Should Follow Before Going Passwordless

Prove
April 1, 2022

Benjamin Franklin famously wrote that “in this world, nothing is certain but death and taxes.” If he were alive today, Franklin surely would have considered adding passwords to that list of dreaded inevitabilities. Navigating the web in its current iteration means remembering (or, more precisely, forgetting) an ever-growing number of increasingly complicated passwords to access everything from social media and the news to banking websites. If you feel as if the promise of the internet is just one forgotten password away, you are not alone. Today, password fatigue is “experienced by many people who are required to remember an excessive number of passwords as part of their daily routine.” This should come as no surprise, considering that the average internet user has to remember a password and username for a staggering 90 accounts.

To make matters worse, not only are all of these password requirements annoying, but they’re also increasingly ineffective at protecting users and preventing fraud. Today, fraud is on the rise, and passwords are a big part of the problem. In fact, the FTC estimates that in 2021 fraud losses topped $5.9 billion. In a world where so many struggle to make ends meet, it’s unfathomable to lose billions of dollars to fraudsters annually. To improve user experience and reduce fraud, it’s time to analyze the shortcomings of passwords and adopt a new cybersecurity technology worthy of the 21st century.

With the coming of age of millennials, the first generation to be raised with the internet, companies in almost every sector are racing to up-level their users’ digital experience from beginning to end. Unfortunately, requiring the user to log in via passwords makes a terrible first impression and can even negatively affect the bottom line. In fact, a study conducted jointly by Mastercard and the University of Oxford found that about one-third of online purchases are abandoned at checkout because consumers cannot remember their passwords. Forgetting passwords is an extremely common phenomenon: according to a study by Dashlane, the average internet user resets their password 37 times a year. It has gotten to the point where some users don’t even bother trying to remember their password and resort to resetting it every time. In addition to degrading the user experience and driving away business, passwords are increasingly ineffective at preventing fraud due to an increase in data breaches and poor password hygiene on the part of the customer.

While complicated passwords might make us feel safer, they still have major limitations when it comes to preventing fraud. Whereas in the past, a simple password (perhaps your pet’s name) would suffice, websites today typically require passwords to contain both numbers and special characters, making them even more difficult to remember. Some cybersecurity advisors recommend replacing the password with a “passphrase,” which, in theory, is easier to remember and more secure. Unfortunately, all of these passwords and passphrases have an unintended consequence: poor password hygiene. In an effort to remember all of these passwords, “almost two-thirds of people use the same password across multiple accounts.” In another study, Microsoft found that a whopping 44 million of its users had used the same password on more than one account. The practice of recycling a password (or even slight variations of a password) again and again leads to what cybersecurity experts call the domino effect:

“...a password, and all the accounts it provides access to, are no more secure than the weakest system using that password. Like dominos, when a weak system falls prey to hackers, information will be revealed that will aid the hackers in infiltrating other systems, potentially leading to the fall of many other systems, including systems with far better security than the first.”


The domino effect is why a single data breach affecting one company can compromise a user’s entire digital life, wreaking havoc on their finances and sense of security. With data breaches becoming more common, passwords are becoming compromised quicker and quicker. To end this vicious cycle once and for all, we need to take a step back and realize that longer, more complex, and newer passwords will never be able to solve the problems caused by passwords in the first place and embrace more advanced digital authentication technology worthy of 2022. 

Today, the best way to authenticate a user online is not with a password but rather by running a PRO check. If a user passes all 3 checks, you can feel confident in approving even the most high-risk transaction. The PRO check is composed of three simple steps:

  1. Possession: Passwords rely on authenticating a user based on something that, in theory, only they should know. Unfortunately, for the reasons described above, this has major limitations. Prove solves this problem by authenticating users using something that the user possesses – a cell phone. Instant Link™, for example, is a powerful and almost frictionless way to check for possession.
  2. Reputation: The rise of SIM Swaps makes checking the trustworthiness of a phone number absolutely critical. Phone numbers that have recently undergone a SIM Swap or other high-risk event will have a lower Trust Score™ than a phone number with a long track record of successful authentications. Companies can then use the Trust Score to make wise decisions when it comes to authenticating or verifying a customer. 
  3. Ownership: How do you prove that a phone number entered is actually owned by the user? That’s where the ownership check comes in. The ownership check measures how closely linked a user is with a phone number. This prevents bad actors from entering a stranger’s phone number while creating an account. 


Thanks to the sensors built into today’s smartphones, the PRO check can be fortified further using behavioral biometrics, including gait analytics that authenticates users based on the unique way in which they walk.  

While death and taxes aren’t going anywhere, passwords don’t have to be around forever. By investing in more advanced, phone-centric passwordless technology, companies can actually improve user experience while reducing fraud. The future is now; let’s relegate passwords to the dustbin of history once and for all.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.

