User-Friendly Login Procedures

Combined Session
Friday, September 27, 2019 11:30—12:30
Location: Emerald 2

The Password Mess: Your Security Policies Are Destroying Your Users

We've all seen the requirements. Your password must contain upper and lower case, be between 6 and 23 characters long, and must contain at least one Beatle. And you need to pick a new one on a regular schedule, even if you don't use the site that often. Everybody hates it, and it turns out that these rules do not make it harder for attackers. 

How did we get into this mess? We'll take a look at the history of passwords, the attacks we thought we were protecting against, the attacks we actually need to protect against, how people made everything worse, and how we can make it better.

Key Takeaways:

- Passwords aren't being used for what they're good for, and we need to change that

- Password rules as seen today make for bad passwords, and we can do better

- People will find ways around your arcane policies

Justin Richer
Bespoke Engineering, LLC
Justin Richer is a security architect, software engineer, standards editor, and systems designer with over two decades of industry experience. He is the lead author of OAuth2 In Action and...

Panel: Balancing Authentication Security with User Adoption

Enzoic will participate in a panel discussion on experiences balancing the challenges of user adoption with authentication security in a consumer web environment. 

Passwords are the most common layer of security; however, billions of compromised user credentials circulate on the public Internet and the Dark Web. Because password reuse is so common, attackers can take credentials exposed in the numerous data breaches and use them to log in to other sites that have not themselves been compromised. Consumer-facing organizations are being forced to address security vulnerabilities created by their consumers’ password hygiene and security practices.

Numerous options exist in the market to harden authentication security. Each introduces some form of friction into the consumer’s experience. User testing shows that consumers have extremely limited tolerance for disruptions introduced by security measures, even when those measures are designed to protect the consumer, their personal information, and their valuable assets. Yet when a consumer’s account is compromised on a site, the blame is directed back at the site, and the brand suffers both financial and reputational damage.

This panel will examine approaches to balancing security and user experience. We’ll consider various ways of hardening an authentication process and the tradeoffs each involves. We will cover recent changes in industry standards and how different approaches can be applied across mobile and web channels. Additional topics will include false positive and false negative alerts, the consequences of alert fatigue, and device considerations.

Attendees will leave with a better understanding of the options (CAPTCHAs, bot detection, biometrics, multi-factor authentication, compromised credential detection, and other methods) in the context of consumer business requirements.

Key takeaways:

• Authentication attack methods in consumer web
• New industry standards for securing authentication
• UX review of various authentication options
• Understanding of multi-step, multi-factor and different authentication factor types

Michael Greene
Enzoic (Formerly PasswordPing)
Michael Greene is CEO of Enzoic (formerly named PasswordPing), an innovative cyber-security startup that helps enterprises screen for compromised credentials and prevent credential stuffing and...
Dave McGibbon
Passbase
Dave, born in Scotland and raised in New Jersey, is a former investment associate at GoogleX where he helped to commercialize Alphabet's ambitious Moonshot projects. Today, Dave is the founder and...
Dirk Wahlefeld
COGNITUM Software
Dirk Wahlefeld represents COGNITUM Software as a Product Manager for their patent-pending Identity Management product go:Identity and go:Roles. He is responsible for conceptual design and...