Prioritizing user experience at the expense of security can increase sales, though pivoting from passwords is still problematic.
IT decision makers are allocating 10% more funding toward improving customer experience than to security measures, according to an Equifax survey released on Monday.
From a sales standpoint, this finding can be easily understood. Often, particularly in sales environments, IT departments are incorrectly seen as money-burning rather than value-adding groups. This causes trepidation for IT departments insisting on new data and user security measures that, if detrimental to customer experience, can decrease sales.
According to the report, respondents cited cost, effort, time to implement, and staff resources as the primary encumbrances to implementing new fraud detection and prevention tools. Ken Allen, senior vice president of global identity and fraud at Equifax, noted that "More than half of IT professionals use legacy technologies to support their authentication strategies, which is alarming. If IT doesn't prioritize adopting more advanced solutions and processes, they leave their organizations and their customers vulnerable to fraud, which will negatively impact the customer experience."
The legacy technology Allen refers to is passwords. To be fair, trusting end users to have good password hygiene is essentially courting disaster, as stacks of other surveys indicate that end users are terrible at using passwords safely. From a cursory glance, 87% of Gen Z respondents indicate that they reuse passwords across different accounts, while 75% of all respondents in the same survey indicate they reuse passwords.
Enterprise password use is not appreciably better, as one survey indicates one in five employees share their email password with coworkers, while another finds that employees share an average of six passwords with their coworkers. Earlier this year, WatchGuard Technologies reported that they could successfully crack half of government and military employee LinkedIn passwords in under two days, finding that the most common passwords include "123456," "password," "linkedin," "sunshine," and "111111."
Naturally, this stunningly incompetent use of passwords has led technology companies on a breathless sprint to be the first to kill passwords in favor of biometric authentication. According to the Equifax report, 64% of IT professionals expressed interest in these methods.
Microsoft is taking aim at passwords within enterprises with the Microsoft Authenticator app, giving users fingerprint, facial recognition, or PIN input for multi-factor logins. Biometric authentication, however, has much more troubling practical limitations: Apple's Face ID has been fooled by children trying to unlock their parents' phones, and legal protections against unlocking devices with passwords do not extend to biometric authentication.
The big takeaways for tech leaders:
- IT decision makers are allocating 10% more toward improving customer experience than to security measures. —Equifax, 2018
- 64% of IT professionals expressed interest in adopting biometric authentication. —Equifax, 2018