By Gina Rau | Posted on May 20, 2013
For years, information security experts have emphasized the importance of practicing good password hygiene—that is, using a unique and unguessable password for every individual site on which registration is required. But online users are human, and password reuse happens a lot more frequently than security professionals would ever like to admit. In fact, a 2011 analysis by Troy Hunt, using real data from accounts that were compromised at Sony and Gawker in 2010, revealed that 67% of users registered at both Gawker and an affected Sony site used the same password at both sites. People who registered at two separate Sony sites reused the same password 92% of the time. And it’s hard to blame them, as the task of remembering “strong” and unique passwords across the number of sites where your users are registered is nearly impossible.
The net result of this issue is that even if you believe you have impenetrable defenses against hackers, your users and your data are vulnerable if a completely different site is hacked, due to password reuse/fatigue. Furthermore, it’s a rare company that truly has an impenetrable defense against hackers.
In addition to security issues, traditional registration on a site also comes with increased costs. There is a cost to securing and encrypting registration data to prevent the kind of security breaches that have become all too common, but there are support costs as well. Anyone running a site that requires users to sign in knows that the number one driver of customer support calls is users who can’t remember their credentials. In fact, Forrester has reported that password reset requests comprise 20-50% of the customer support volume for an online business, at an average cost of $70 per password-related support request. Ironically, the very reason these users can’t sign in is often that they were practicing good password hygiene and can’t remember their secure passwords.
60% of online users have more than 5 unique passwords they have to remember.
There are hidden costs related to traditional registration, as well. In a study commissioned by Janrain, nine out of ten people admitted to having left a website when they could not remember the username or password they had registered there, costing companies customers and potential revenue.
50% of online users dislike the idea of creating new usernames and passwords.
Thankfully, there is a simple solution to these problems, and that is social login—enabling your users to register and sign in using the well-established identities they have already created at sites like Facebook, Twitter, Google, and Yahoo!. Not only can you eliminate the need for site visitors to create yet another account with a username and password that they are likely to forget, you can rest assured that they will still be able to get access to an email address for future marketing efforts.
List of networks that provide a verified email address via social login.
The concept of password hassle, or Password Fatigue Syndrome, really resonates with people when you stop to think about how many passwords you have and use on a daily basis. Can you relate to some of the responses in this Harris Interactive study?
40% of online visitors would rather scrub a toilet than create a new password.