User Experience and Strong Authentication

Every enterprise balances its need for strong authentication against a frictionless login process. Most fraud and account-takeover products focus on system integrity with little regard for user experience.


User Experience and Strong Authentication: Balancing Made Easier

Companies that position their security measures solely as enterprise protection can create frustrating user experiences. Strong authentication methods that can deter users include:

  • Two-factor authentication (2FA) and multi-factor authentication (MFA). These systems create friction when customers are asked for authentication codes or other proofs before they can reach their accounts. Each additional step is a point of failure, and more points of failure mean higher abandonment rates.
  • Adaptive authentication. These systems cross-reference IP address, geolocation, device reputation and other signals to assign a risk score to an inbound login and step up authentication factors accordingly. To increase effectiveness they tend to be tuned aggressively, demanding extra factors in relatively benign cases, which in many instances increases customer frustration and abandonment.
  • Biometric authentication. These systems enrol a user's biometric data and use it to confirm identity on later logins. Widespread use is impractical because not all current devices have biometric sensors. While biometrics improve user experience where available, they add little security on their own: whenever the biometric fails or is unavailable they fall back to password authentication, so the password remains the weakest link an attacker can target.

Credential screening is different. It emphasizes user experience while adding a strong security layer to the authentication process by:

  • Seamlessly screening usernames and passwords to identify compromised credentials at the point of user login.
  • Encouraging users to select better passwords when they reset their password.
  • Alerting users to their exposed credentials with immediate notice.
  • Providing a definitive risk result: entered credentials are either compromised or not.
  • Supporting a flexible, site-defined response when compromised credentials are detected.

Enzoic built its credential screening products with the understanding that consumers reuse the same login credentials across multiple sites. When a user logs in, Enzoic compares the submitted credentials against a continuously updated database of compromised credentials. The check runs behind the scenes and adds negligible latency to the login. If the credentials are known to be compromised, the site chooses the response: force an immediate password reset, clear stored payment cards from the account, require an additional authentication factor, or log the event for further analysis. This protects the user's account and defends the enterprise against credential stuffing and account takeover attacks.
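The following is an added example of how a credential-screening check of the kind described above can be wired into a login flow, with a site-defined response. It is illustrative code written for this page, not Enzoic's product or API; the compromised-credential corpus is a small constructed in-memory set standing in for a continuously updated database, and the hashed-prefix (k-anonymity) range lookup is an assumed design chosen so the full password hash never leaves the login service.

```python
"""Credential screening at login: constructed example, not Enzoic's code.

The corpus, the prefix-range lookup and the response policy are all
assumptions made for illustration.
"""
import hashlib
from enum import Enum

PREFIX_LEN = 5  # the caller reveals only these hex chars of the SHA-1 digest

# Constructed sample corpus: SHA-1 hex digests of passwords seen in breaches.
_COMPROMISED_PASSWORD_HASHES = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "123456", "letmein", "qwerty", "Summer2023!")
}


def _pair_hash(username: str, password: str) -> str:
    """Hash an exposed username:password pair so the plaintext pair is never stored."""
    return hashlib.sha256(f"{username.lower()}:{password}".encode()).hexdigest()


# Constructed sample of exact username:password pairs known to be exposed.
_COMPROMISED_PAIRS = {_pair_hash("alice@example.com", "Summer2023!")}


def range_lookup(prefix: str) -> list[str]:
    """Simulated screening-service endpoint (assumed design): return the
    suffixes of every compromised hash that begins with `prefix`, so the
    service learns only which 16**PREFIX_LEN bucket the password falls in."""
    prefix = prefix.upper()
    return [h[PREFIX_LEN:] for h in _COMPROMISED_PASSWORD_HASHES if h.startswith(prefix)]


def password_is_compromised(password: str) -> bool:
    """Login-service side: hash locally, query by prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in range_lookup(prefix)


def pair_is_compromised(username: str, password: str) -> bool:
    """Exact-pair check: this username with this password appears in a breach."""
    return _pair_hash(username, password) in _COMPROMISED_PAIRS


class Response(Enum):
    """Site-defined responses; the page lists these as possible reactions."""
    ALLOW = "allow login"
    STEP_UP = "require an additional authentication factor"
    FORCE_RESET = "force an immediate password reset"


def screen_login(username: str, password: str, high_value_account: bool = False) -> Response:
    """Policy assumed for this example: an exposed exact pair is the strongest
    signal and always forces a reset; a merely exposed password steps up
    authentication, or forces a reset on accounts the site marks high value.
    Call this only after the site has verified the password against its own
    store, so that failed guesses are never screened."""
    if pair_is_compromised(username, password):
        return Response.FORCE_RESET
    if password_is_compromised(password):
        return Response.FORCE_RESET if high_value_account else Response.STEP_UP
    return Response.ALLOW


if __name__ == "__main__":
    for user, pw in (("alice@example.com", "Summer2023!"),
                     ("bob@example.com", "Summer2023!"),
                     ("bob@example.com", "correct horse battery staple")):
        print(f"{user}: {screen_login(user, pw).value}")
```

Two design points matter in practice. The screening call sits after the site's own password verification, so the check runs on credentials the attacker has already proven correct and never on random guesses; and the prefix-range pattern keeps the screening service from learning the full hash, which is what lets the check add negligible risk as well as negligible latency.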

Strong authentication inevitably affects user experience and login completion. With Enzoic, your company can control how significant that impact is.
