One in four online shoppers surveyed by Beyond Identity said they would abandon a cart of $ 100 or more if they had to reset their password to pay.
Dealing with passwords is one of the most frustrating parts of shopping online. This is true not only for consumers but for businesses. Beyond trying to manage guidelines and password enforcement, online businesses face lost sales as people get frustrated with the entire password process. And the problem is not limited to online stores. Banks, social media companies, gaming sites, and dating sites all face the same hurdles.
SEE: Password management policy (TechRepublic Premium)
A report released Friday by identity management provider Beyond Identity examines the impact of consumers being forced to remember or reset their passwords. For his report “Are Password Resets Costing Your Business?“Beyond Identity surveyed 1,019 US consumers about their experiences with passwords and online payment.
Since so many websites now require users to create an account, the frustration can start right off the bat. Half of consumers surveyed by Beyond Identity said they would leave a site if they had to log in with a password. More than half said they use social logins from companies like Facebook and Google to sign in to other sites that require a password.
Of course, remembering a password for a specific site after you’ve created it is the next challenge. When asked how many times they would try to guess a forgotten password before resetting it, 36% of respondents answered twice, 28% once, and 22% three times. About 10% said they would keep trying until asked to stop.
When forced to reset a password, half of consumers would create a brand new password on their own, 37% would use a password generator service, and 12% would use a variation of the old password. past. But of those prevented from reusing an old password, 69% said they would be very or somewhat likely to give up the site.
The frequency with which people are forced to reset a password varies depending on the type of site. In general, between 20% and 24% say they need to reset a password less than once a year, while 44 to 47% do so at least once a year. But 30% to 34% must reset a password at least once a month.
SEE: How to Manage Passwords: Best Practices and Security Tips (Free PDF) (TechRepublic)
Under what circumstances do people forget their passwords? Most (67%) of those surveyed said it happened when trying to complete a banking transaction online, 56% said it happened when trying to get travel information, 55% said said it happens when they try to buy something, and 43% said it happens when they try to access a document.
Different obstacles can arise when a password is forgotten. Some 44% of respondents said that a forgotten password caused failure to receive a certain service, 43% said they had to wait a long time for a problem to be resolved, 41% did not received a product, 35% had to return home to collect something, 34% were forced to borrow money from family or friends, and 33% got lost due to lack of ‘orientation.
Focusing on shopping sites, Beyond Identity found that 88% of respondents were likely to try to reset a forgotten password if they already had items in their cart. Specifically, however, 1 in 4 said they would give up on a shopping cart of $ 100 or more if they had to reset their password in the process. Among the items that consumers would be willing to give up were clothing, household products, food or groceries, children’s items and health-related products.
Recommendations for reducing password frustration
How can consumers and businesses better deal with the frustration of forgotten passwords?
For consumers, the best option is to use a password manager. For added security and convenience, a password manager can create, store, and enforce strong, unique passwords for each account and website you use. The only thing you need to remember is a master password, which should be particularly complex and secure. But it’s a much easier task than trying to remember dozens or hundreds of passwords.
For companies, another recent report from Beyond Identity offers several tips.
Authentication should be as light as possible for your website users. This means no need for cumbersome passwords, second devices, hackable one-time codes, or push notifications. Such demands frustrate people and can lead to higher abandonment rates and fewer conversions from visitors to customers.
Consistency in your authentication process can increase customer loyalty and create a more positive experience. Your mobile app and website processes should look the same.
For security reasons, passwords make customers vulnerable to various types of cyber attacks, including brute force attacks, dictionary attacks, and credential stuffing. Instead of relying on passwords, authenticate people with multiple factors consistent with PSD2 SCA. This means combining “something you are” from the local device’s biometric technology and “something you own” from the private key created and stored in the device’s local secure enclave or Trusted Platform Module (TPM ).