
Keeping User Authentication Secure and User-Friendly

With new data privacy and security-related regulations such as GDPR and PSD2 coming into full effect in mid-September 2019, questions of customer authentication, fraud prevention and user security are becoming more and more prevalent. But what is User Authentication anyway?

What is User Authentication?

User Authentication is rather simple and something we are quite used to in our everyday lives. It joins a unique value in the form of a username/code/sequence to a unique individual and combines it with some form of verifying value such as a physical token/password/biometric signature. When these two are matched, the user is verified and access is granted.

What constitutes Strong Customer Authentication?

In a nutshell, it means taking basic identity verification as described above to the next level and requiring individuals to provide information that cannot be easily guessed or stolen. For instance, 2-step verification protects your account with both your password and your phone, and keeps any bad guy away even if he has acquired your password. This means that there are multiple verifying values, and thus obtaining, guessing or stealing them becomes that much more difficult. So, someone guessing your password would still need your phone, or vice versa.

Implementing authentication means protecting your business as well, not just your customers, since in the world of complete order automation, you do not want to put your business at risk via fraud or negligence lawsuits.

Keeping authentication user-friendly

However, there is much more to consider, as an authentication procedure that is too long or too laborious inconveniences your own customers. Simply put, it is important to implement authentication that is secure and thorough while preserving privacy and convenience.

It’s important to understand that not everyone is interested in the latest high-tech security features or encryption, but everyone appreciates a bit more in the way of security in our data-driven lives.

While there is no silver bullet and each type of technology comes with its own specifics, common characteristics of user-friendly authentication often mean:

● requiring no lengthy or difficult passwords for low-risk systems, applications or access to basic content;

● choice of various authenticating options such as passwords, physical tokens or biometrics;

● a choice of alternative options if the preferred option doesn’t work, as well as multiple layers;

● stronger forms of authentication, for instance, via personal phone as a second layer on top of a strong password.
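
The characteristics above can be expressed as a small policy check. The following is an added example, not code from the original article: it grants low-risk access with one factor, requires factors from two different categories for high-risk access, and lists fallback options when the requirement is not met. The category names (knowledge, possession, inherence) follow the PSD2 definition of strong customer authentication; the factor names and risk tiers are assumptions made for illustration.

```python
from enum import Enum

class Category(Enum):
    KNOWLEDGE = "knowledge"    # something the user knows (password, PIN)
    POSSESSION = "possession"  # something the user has (phone, hardware token)
    INHERENCE = "inherence"    # something the user is (fingerprint)

# Hypothetical catalogue: each option offered to the user maps to one category.
FACTORS = {
    "password": Category.KNOWLEDGE,
    "pin": Category.KNOWLEDGE,
    "phone_push": Category.POSSESSION,
    "hardware_token": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
}

# Hypothetical tiers: number of distinct categories each tier requires.
REQUIRED_CATEGORIES = {"low": 1, "high": 2}

def evaluate(risk, verified_factors):
    """Return (granted, alternatives) for factors already verified.

    alternatives names the factors that would still add strength, so a
    user whose preferred option fails has a fallback.
    """
    if risk not in REQUIRED_CATEGORIES:
        raise ValueError(f"unknown risk tier: {risk!r}")
    unknown = set(verified_factors) - FACTORS.keys()
    if unknown:
        raise ValueError(f"unknown factors: {sorted(unknown)}")
    # Two factors of the same category count once: a password plus a PIN
    # is still only "something you know".
    covered = {FACTORS[f] for f in verified_factors}
    if len(covered) >= REQUIRED_CATEGORIES[risk]:
        return True, []
    alternatives = sorted(f for f, c in FACTORS.items() if c not in covered)
    return False, alternatives
```

A password plus a PIN is rejected for the high tier because both are knowledge factors, which is the case a simple count of factors would miss.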

To achieve these advantages and overcome weaknesses of generic passwords, businesses look at security as a competitive advantage and differentiator helping to attract customers, increase sales and loyalty.

A better product is also a safer product, and strong authentication offers a solution that customers can easily understand and adopt. And adoption is key here, as the strongest authentication systems do very little if they aren’t implemented, or if people find easy ways around them to preserve the initial convenience of just having a password along the lines of “password”, “123” or “Dog”.

Conclusion

Do keep in mind, though, that in the EU, GDPR and PSD2 (more specifically the accompanying RTS) set standards for what Strong Customer Authentication is, so businesses can check if they meet the regulations and customers can evaluate the security of the process and service they are using.

Mārcis Jurisons
2019-06-06 00:00:00 UTC