The concept of happy and unhappy ways familiar to those of user experiences (UX).
Happy paths are the steps that a digital user takes by default or expected use of the application without causing errors. They lead to expected or desired goals for the user. Unhappy paths – also called sad, bad and exception paths – are those that are not happy. They often lead to error or exception messages.
UX professionals should identify and check how happy and unhappy way. Where possible, they should strive to eliminate accidents path or to reduce their impact on the user and return the user to the happy path as quickly and easy as possible. Doing this well makes a big difference in user identification experience. For your digital customer channels, success here leads to increased brand loyalty, customer engagement and revenue.
User authentication is often an “unfortunate way”
UX professionals need to know security fatigue what worries many users. But they also need to know about the safety impact on the happy and unhappy way. Problems associated with the identification, such as login and privilege elevation are frequent causes of accidents paths. On the one hand, unsuccessful logins and passwords are forgotten common. The average American has five password reset every month. According to Stephanie Lucas of LinkedIn, there are three common causes of unfortunate pathways. With this lens, it is easy to understand why the problems associated with identification and authentication are such common causes of unfortunate pathways.
Unexpected obstacles for the user
The first cause of unfortunate paths is when the user experiences some obstacles – temporary or permanent – that prevent them from successfully use the function. These problems often occur because of incorrect assumptions about the function of the users. For example, does the authentication system create additional problems for people with disabilities, such as dyslexia, dementia, blindness, or movement disorders?
Passwords, in particular, are problematic for users. They require the ability to accurately introduces a number of letters, numbers and characters in a web page. For the password to be secure, these characters must be random, making it difficult to remember and identify typos and other errors. Secure, unique passwords are difficult to use by design. They may be impossible to use for many people. If your customers can not sign in with your login and password which they dissatisfied with the way? For many, this path is a rejection of the application or site.
An external threat to the relationship
The second reason for the unfortunate ways – this is when a third party is a threat to the relationship. This includes the relationship between users, or between the company and the client.
The possibility of attacks on account hijacking (ATO) leads to the fact that businesses are deploying security features that increase the likelihood of unfortunate routes. For example, authentication systems may require additional levels of security, such as one-time SMS passwords (OTP), out-of-wallet questions, and CAPTCHA tests. These represent developed unfortunate ways.
Each of them leads to its own exceptions and necessary processing routes and increases the load on the user. This friction in the user experience can also negatively affect the user’s relationship with the enterprise and willingness to use its services.
External threat to one side
The third common cause of unfortunate pathways is when a third party poses a threat to one party, either to the business or to the customer. For user authentication systems, this is usually associated with the risk that a successful ATO attack will result in the client data being compromised.
Do your security measures leave your customers unprotected? Phishing attacks and “people in the middle” attacks make password-based schemes inadequate, including with additional levels of protection, such as one-time passwords. If your customer accounts are hacked, they are on perhaps the most unfortunate path of all: account recovery.
Make authentication a “happy way”
To avoid these unfortunate paths, you must first understand how often passwords underlie the problem. As described above, passwords often force the user to follow the sad path of failed logins, resetting passwords, one-time passwords never received (by email or SMS), or, at worst, accounts captured by a bad actor. . Passwords can not be part of the solution, because they are the source of the problem. The solution is remove password.
Password-free authentication refers to a class of authentication solutions that do not require a multiple password. Consumers are increasingly aware of and prefer these options. Indeed, its annual list includes 10 breakthrough technologies, The MIT Technology Review put an end to passwords first on its list, stating, “For decades we needed passwords to do something online. New forms of authentication will allow us to get rid of them forever. Instead, we will use a link sent by email, push notification or biometric scan. Not only are these techniques easier – you don’t need to memorize your face – they’re usually safer. “
If done correctly, a password-free authentication service greatly reduces or completely avoids the scenarios described above. In particular, the password-free approach based on FIDO (Fast Identity Online) The standard works for more users with disabilities, it makes additional levels of protection obsolete and protects against many threats directed directly at your customers. It is both safer and easier to use.
How? FIDO-based password-free authentication directly addresses all three common causes of unfortunate paths:
Unexpected obstacles: Users experience unexpected obstacles when they forget a password or do not enter it correctly. With FIDO-based passwordless authentication, users verify their identities using biometric or other methods that do not use knowledge-based factors. They use the mobile devices they have and their biometrics never leave their devices.
Relationship threats: Relationship threats arise when authentication issues cause additional friction for the user. FIDO-based authentication uses stronger authentication techniques and public key cryptography to eliminate the need for additional security features.
Threats to one party: Customers are harmed if a security breach – such as a data hack or a successful ATO attack – results in their data being hacked. FIDO-based password-free authentication uses stronger authentication factors to protect against ATO attacks and does not require businesses to store sensitive information. FIDO authentication is evidence of phishing that is immune to bots and other brute force attacks, and provides confidence for both the customer and your site that each party is who they say they are.
FIDO authentication is supported by dozens of leading brands in technology, banking, cybersecurity and others, as well as governments. Transmit Security is on the FIDO Alliance board along with companies such as Apple, Microsoft and Google, which include FIDO in their devices, operating systems and browsers. FIDO is fast becoming ubiquitous and supports usage options for both the workforce and for customer authentication.
To learn more about passwordless authentication, read our complete guide here.