Report finds requiring customers to use passwords is bad for business

To no one's great surprise, as a means of authentication, passwords still suck. E-commerce customers will jump ship if there's too much hassle.

World password day

Image: iStockphoto/PfeifferV

While it will not come as shock to anyone, a new report finds that people still hate passwords. They will abandon transactions, refuse to register for services and leave websites that ask them to sign up with a username and password. That's the conclusion of the Impact of Passwords on Your Business report from Transmit Security, an identity management company. 

The report found that 55% of consumers said they have stopped using a website because the login process was too complex; 87.5% of consumers said they have been locked out of an online account after trying to log in too many times. This occurs at similar rates regardless of age, but younger consumers are locked out slightly more often. This could be due to the relatively high number of accounts they have compared with older users, the report said. 

SEE: Identity theft protection policy (TechRepublic Premium)

Common problems that lead to lock out include:

  • Having Caps Lock engaged

  • Using the wrong language keyboard

  • Using overly complex passwords

  • Having too many passwords to remember

  • Systems that require regular password changes

  • Forgotten passwords

The results of being locked out can be bad for business. At 92%, the vast majority of consumers said they would rather abandon a website visit instead of recovering or resetting their passwords, while 66% said they leave websites when registration processes become too complex. A near-identical number (64.5%) of consumers said they abandon websites just because they are asked to create a username and login. 

"Many organizations are losing millions in potential revenue simply because customers can't remember their passwords (or refuse to participate in a long and complicated sign up process)," the report said. "Customers will spend valuable time adding items to their cart but when asked to re-enter or update their information they flee. Why? Because it's inconvenient and they know they can hop on over to the next site that won't make them jump through hoops to sign up or check out successfully."

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

Another issue highlighted by the report was poor password security practices. Over half (52%) of the survey respondents have shared at least one password, while 41% say they share passwords often. Password sharing not only poses cyber and personal security risks but negatively impacts business revenue through the loss of new customer accounts. Sharing also hinders an organization's ability to monitor website visitors and personalize services.

"Since many users have dozens of online accounts they rarely update their passwords," the report said. "Meaning, if their password is shared once, the likelihood of someone abusing one or more of their accounts is high. Once a password is shared there is very little control on how it's used further."

Transmit Security's CEO Mickey Boodaei and President Rakesh Loonkar will present the report findings during a webinar at 11 a.m. ET April 6. 

Also see

By Allen Bernard

Now a freelance business writer and journalist, Allen Bernard is the former managing editor of CIOUpdate.com, eSecurityPlanet.com, ITSMWatch.com, and EnterpriseNetworkingPlanet.com. Throughout his 20-year career, Bernard has focused on explaining the...