How password troubles could cost your online business potential sales
One in four online shoppers surveyed by Beyond Identity said they’d abandon a shopping cart of $100 or more if they had to reset their password to check out.
Grappling with passwords is one of the most frustrating aspects of online shopping. That’s true not just for consumers but for businesses. Beyond trying to deal with password guidelines and enforcement, online companies face a loss of sales as people become frustrated by the whole password process. And the problem isn’t limited to online stores. Banks, social media companies, gaming sites and dating sites all face the same obstacles.
SEE: Password Management Policy (TechRepublic Premium)
A report released Friday by identity management provider Beyond Identity examines the repercussions from consumers forced to remember or reset their passwords. For its report “Are Password Resets Costing Your Company?” Beyond Identity surveyed 1,019 US consumers about their experiences with passwords and online checkout.
Since so many websites now require users to create an account, the frustration can start right from the get-go. Half of the consumers surveyed by Beyond Identity said they’d leave a site if required to sign in with a password. More than half said they use social logins from companies like Facebook and Google to sign into other sites that demand a password.
Of course, remembering a password for a specific site after you create it is the next challenge. Asked how many times they’d try to guess a forgotten password before resetting it, 36% of the respondents said twice, 28% said once, and 22% said three times. Some 10% said they’d keep trying until prompted to stop.
When forced to reset a password, half of the consumers would create an entirely new password on their own, 37% would use a password generating service, and 12% would use a variation of the old password. But among those prevented from reusing an older password, 69% said they’d be very or somewhat likely to abandon the site.
The frequency at which people are forced to reset a password varies based on the type of site. In general, between 20% and 24% said they have to reset a password less than once a year, while 44% to 47% do it at least once a year. But 30% to 34% have to reset a password at least once a month.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
Under what circumstances do people forget their passwords? Most (67%) of the respondents said it happens when they’re trying to finish an online banking transaction, 56% said it happens when trying to get travel information, 55% reported it happening when they’re attempting to buy something, and 43% said it happens when they try to access a document.
Different obstacles can occur when a password is forgotten. Some 44% of those surveyed said that a forgotten password resulted in a failure to receive a certain service, 43% said they had to wait a long time for a problem to be resolved, 41% were unable to receive a product, 35% had to return home to retrieve something, 34% were forced to borrow money from family or friends, and 33% got lost due to a lack of directions.
Focusing on shopping sites, Beyond Identity found that 88% of the respondents were likely to try to reset a forgotten password if they already had items in their shopping cart. More specifically, though, 1 in 4 said they’d abandon a shopping cart with $100 or more if they had to reset their password during the process. Among the items consumers would be willing to abandon were clothing, household products, food or groceries, children’s items and health-related products.
Recommendations for reducing password frustrations
How can consumers and businesses better handle the frustration of forgotten passwords?
For consumers, the best option is to use a password manager. For security and convenience, a password manager can create, store and apply strong and unique passwords for every account and website you use. The only thing you have to remember is a master password, which needs to be especially complex and secure. But that’s a much easier task than trying to remember dozens or hundreds of passwords.
For businesses, another recent report from Beyond Identity offers several tips.
Authentication should be as light as possible for your website users. That means not requiring tedious passwords, second devices, hackable one-time codes or push notifications. Such requirements frustrate people and can lead to higher drop-off rates and fewer conversions of visitors to customers.
Consistency in your authentication process can increase customer loyalty and create a more positive experience. Your mobile app and website processes should look and feel the same.
For security reasons, passwords make customers vulnerable to different types of cyberattacks, including brute force attacks, dictionary attacks and credential stuffing. Instead of relying on passwords, authenticate people with multiple factors compliant with PSD2 SCA. That means combining “something you are” from the local device’s biometric technology and “something you own” from the private key created and stored in the device’s local secure enclave or Trusted Platform Module (TPM).