Are you looking for User Authentication recommendations? Want to make sure your users are safe whilst not hindering the usability of your products?
Then you’ve come to the right place!
In this blog we will outline not only what user authentication is but why it’s so important to integrate it with your customers' journey. We'll also be providing you with a couple of options for how you can introduce user authentication to your systems, explaining some of the pros and cons of each as we go.
So let’s start with…
What is User Authentication?
User Authentication is the process of identifying users who want to access something you’re offering, whether this is a physical device, software or even a network of some kind.
It is to confirm that the user is exactly who they say they are; once they've confirmed their identity, they may then be given access to specific sensitive information, which they wouldn’t have been able to see otherwise.
With companies these days storing more and more personal and sensitive information about their customers, they need to ensure that their security systems are up to scratch. Or they’ll end up with some very unhappy customers.
Why is it so important?
We can break down the reasons why people need User Authentication into two distinct camps, Internal Data Security (IDS) and External Data Security (EDS).
Internal Data Security: IDS refers to keeping your data secure from users who are already within the system. Whilst you want users to be able to see their own data, you need to stop them from being able to see everyone else’s. This is where User Authentication comes in. If you can confirm that a user is who they say they are, you then only display their own information to them, and you won't have to worry about it being seen by the wrong people.
External Data Security: EDS refers to keeping your data secure from external threats, more specifically, cyber criminals. Cyber criminals are always looking for ways to steal your user data; whether they mean to ransom you with it, sell it off, or they’re looking for specific information, you need to have adequate defences. You wouldn’t leave your windows and doors unlocked in your house, so why would you with your systems? Not having a well built authentication system is the equivalent of leaving your windows wide open and inviting criminals in.
Authentication and your Customer Experience
The issue many companies are having with security is finding the right balance between being secure with their customer data and not being so secure that you hinder the customer's journey.
If you don't have enough security steps, then your customer’s data won't be secure, and your customer will feel that their data is unprotected. They might then go to one of your more secure competitors.
If you have too many hoops for your customer to jump through, they may become frustrated by how long it takes for them to get access to your services. They won’t see the extra security as worth all the extra effort they have to put in, and again, may go to one of your competitors.
The onus is on you as a company to find the authentication method that will keep your customers' data secure and keep them happy at the same time.
Types of User Authentication
You could spend hours surfing the web looking at all the different authentication options around (trust us, we’ve been there). To save you some time, we’ve put together our top 3 authentication methods, which should help you provide the right balance between security and usability. But, it’ll be up to you to decide which, if any, of these are right for you!
Knowledge Based Authentication (KBA)
What’s your mother’s maiden name?
What street did you live on as a child?
What was the name of your first pet?
Don’t worry; we’re not trying to steal your identity, that’s just an example of KBA In action. KBA is the process of authenticating someone’s identity by asking them something only the user would know, whether this is questions about their childhood, family members of even pets.
There are typically 2 different types of KBA’s:
Static KBA: Static KBA (Sometimes referred to as shared secret authentication) is where users pick their own security questions, and share the answers to them with the system when they create their account.
Dynamic KBA: Dynamic KBA uses information that the system can gather about you to generate and ask you security questions. With this type of KBA, you don’t have any choice in the questions or answers you must provide. The system may ask you about past addresses it has stored for you, or even for certain digits in your NI Number.
Pros & Cons
Multi-Factor Authentication (MFA)
MFA is an authentication method where users are required to provide 2 or more verification methods for them to access your products or login. These typically include proof that you have access to the user's computer, their email inbox or even their mobile phone. There are many different types of MFA, including:
App One Time Password (OTP): This is where you will have an authentication app on your phone, which will be constantly generating OTPs for different accounts, which typically expire within 30 seconds - 1 minute. You can then enter this OTP as proof that you hold the user's device.
Email One Time Password: With this process, when you try and access a system, it will send either a link or a code to the email you used to set up your account(this will usually be mostly censored to ensure even more security). You then simply follow the link or enter the code to prove that you have access to the user's email server.
SMS One Time Password: With an SMS OTP, when you try and log into your account, you will receive a text to your provided phone number, which again is normally censored, with a code. You then simply have to input this code to prove that you have access to the user's phone.
Push Notifications: Whilst still a popular form of MFA, this is much less common than the others mentioned as it requires the user to have already logged into the system on a separate device (for example, a phone or laptop). When you try and log into the system, you can receive a push notification on a device you have previously used, which is then followed to confirm that it is you trying to access the system.
Pros & Cons
Biometric Authentication (BMA)
BMA is the process of using unique biological marketing to authenticate that the person is who they say they are. When a user registers an account for the first time, biometric data is collected about them; this is then compared to the data provided when attempting to log in, ensuring with almost 100% certainty that the person is who they say they are.
In the past, BMA was mainly used for physical locations; however, more recently, it has started to be used on devices with a biometric capability, for example, on a mobile phone. Some of the most common scans to secure biometric data are:
Pros & Cons
That’s it. We’ve told you all about our favourite authentication methods; now it’s over to you to pick one!
Can you see the benefits of one over the others? Are you still not sure? This is where we can come in to help.
Here at CX Consultants, we have over 25 years of developing smooth customer journeys. If you need help ensuring that your customer journey is as smooth and seamless as it can be, why not get in touch? And find out how we can help you today.
If you have any questions or want to discuss your CX strategy, system or customer journey, get in touch, we're here to help.