Merry Christmas everybody!!!! From my household of me and my two kitties, enjoy the day with family and friends!!! But here is one caveat to this: Please also stay safe. This is the time that the Cyberattacker likes to come out in all forms, primarily to steal your login information.
So as you continue to shop up until New Year’s Day for
those special deals online, remember to protect your password!!! Even if it means changing it, please change
it!!!
Here is why:
According to a recent survey by a Cyber company known as Beyond Identity,
almost half (to be exact, 48%) of the respondents claimed that they would never
visit a website again that would not allow them to use the same
password that they have had before.
In other words, once you reset your old password to a new
one, you cannot use the old one under any circumstances.
The survey, which polled 1,000 people, also discovered
these startling stats:
*1 out of 4 shoppers would abandon their online shopping cart
if they had to reset their password upon checkout (depending upon the dollar
amount, the max any of these respondents would abandon was pegged at $162.00);
*50% of all of the respondents had to reset their passwords
at least once a year;
*The age generation that experienced the most password
resets were the Baby Boomers;
*Through another study from Gartner, it was discovered that
close to 50% of all help desk calls were related to password
resets. The average cost of this is now
deemed to be at $70.00 per password reset.
This is actually much lower than a few years ago, when password resets
cost a company $300/employee.
More details on the study conducted by Beyond Identity can
be seen here at this link:
https://www.beyondidentity.com/blog/password-resets-and-the-consumer-journey
More details on the study conducted by Gartner can be seen
here at this link:
https://www.onelogin.com/blog/is-password-reset-the-pebble-in-your-businesses-shoe
These findings can be seen in the illustration below:
(SOURCE: https://www.darkreading.com/risk/nearly-50-of-people-will-abandon-sites-prohibiting-password-reuse)
So as a result of this, many online merchants, and even the brick-and-mortar
ones, are having a hard time retaining customers and bringing on new prospects,
for the simple reason that they do not want to reset their password.
This creates a source of “friction” between the two, and that
is the main culprit why people will leave the website on which they are about
to make a purchase in search of a competitor.
So what is a vendor to do?
Well, there is research currently under way in which a passwordless
form of authentication can be used. In this
particular instance, the customer, when they visit the online store, will be
given a choice if they want to go this route.
If he or she does, they will then be sent a link through which they can register
for this service by simply using their Email address.
From here, an Encryption key is issued and tied to this Email
address; all they have to enter is their Email address once they decide
to log back on again.
So far, the reaction from the Cyber industry has been mixed
on this one, which really surprises me, even though online vendors want to use
it so that they do not lose customers and/or prospects all because of a mere
password reset.
But in the end, the results of these studies (as mentioned
in this blog) point to the direction that whatever transpires, the customer is
king, and if they want this kind of authentication, then that is what the industry
has to develop and implement.
The more hard-core Cyber skeptics feel that this sort of
passwordless authentication really offers no protection at all. For example, what if the Encryption key gets
hacked into (and which is quite possible, actually), then what?
What other forms of authentication are available then to protect
the customer? Really, there are none, and
this is the biggest fear, unless of course passwords were used once again as a
secondary layer of authentication, which then defeats the whole purpose
entirely.
My Thoughts On This
In the end, as I have written before, the password will
never leave us. It has been a part of our
society for decades, and in the end, people are creatures of habit. They do not want to change their existing
ways until something happens.
Unfortunately, that is the way it is going to be for a long
time to come. Instead, the Cyber
industry needs to come up with a better way: not create a brand-new
authentication mechanism, but simply build a better mousetrap.
What do I mean by this?
First, mandate the use of a Password Manager. That is what these software applications have
been created for: to create long and complex passwords, and even reset them
automatically on a prescribed time basis.
Then with this, use some other sort of authentication
mechanism, such as Biometrics, like Fingerprint Recognition or Iris
Recognition.
It’s probably easier to mandate this kind of approach to
employees in a business, but I fully admit that what I propose may simply not
work for the online merchants. For
example, how are you going to mandate a customer or prospect to use a Password
Manager before they can proceed in the checkout process?
This could be yet another reason for them to leave.
The other part that is driving this is that the American
consumer now has a lot of choices when it comes to online shopping. As stated earlier, if they are not
happy with one merchant because of the password issue, they Google another,
similar site. It’s like shopping for a
lawyer. If you are not happy with your
existing one, you can simply fire them and get a new one.
But in the end, the customer and/or prospect is going to
have to be flexible and understanding as well.
They should take comfort in the fact that if an online merchant is
making them reset their password, it means that they are trying to adopt
good security policies.
I have been at websites where I have to reset my password. In my most recent experience, I had to reset
my password three different times.
Did that detract from being a customer? No, it did not. Yes, it was a pain to do it and have to come
up with a new one each time, but I know at least that this particular vendor is
trying to protect my account.
The bottom line is that the Cyber industry can create all of
the latest authentication mechanisms, but the American public has to come to
some middle ground with it in order to adopt it.
IMHO, that is where the key answer lies in this whole
mess of Password Security.