By now we are all well aware that passwords are a pain for users to remember, keep track of and maintain. But what some organizations might not realize is just how detrimental password sharing can be for business beyond the security aspect. As a coping mechanism, users tend to re-use the same passwords across multiple accounts. Since many users have dozens of online accounts they rarely update their passwords. Meaning, if their password is shared just once the likelihood of someone abusing one or more of their accounts is high. Once a password is shared there is very little control over how it’s used further.
In this article, we’ll discuss the detrimental implications that password sharing has on your business and bottom line, customer experience and revenue as well the emerging methods used to combat these issues.
Customers share their passwords. A lot.
In a survey conducted by Transmit Security, 52% of consumers said they have shared their password to an online account with someone else. From this statistic we can see that password sharing is a common, often thoughtless, practice among many consumers. Customers don’t seem to be bothered about sharing their passwords with colleagues, friends or partners. And why would they? After all, the consequences of password sharing don’t fall on them – they fall on businesses.
Password sharing directly implicates your business
Licensing abuse: If users have access to a password for an already paid account they are effectively avoiding paying (which means less revenue for you as a service provider) for a second account. One-third of subscribers to services like Netflix share their password with someone outside their household (Magid). Users of services like Netflix or MasterClass, which offer on demand viewing, share passwords freely knowing their experience will be somewhat jeopardized in order to avoid additional payment.
Usage monitoring and personalization: If accounts are being shared by multiple users, service providers are less likely to accurately monitor usage and are unable to correctly personalize their offerings – their user experience can’t be optimized or personalized to meet their users expectations. Service providers can’t give their customers what they want because they are unable to see clear user activity. This inability directly impacts potential revenue.
With incorrect data, effective targeting becomes impossible as there is no clear picture of who the actual account holder is. Questions like, what do they like? When are they active? And how can you upsell them all become hidden mysteries. The loss of potential revenue here is enormous (and unfortunate).
Security: Given that 65% of users re-use the same password across multiple accounts (Google) once users share that one password with someone else they are essentially handing over access to multiple accounts they own. Hackers know (and use) this too which is why they are able to successfully hack into multiple accounts of the same user. Which is why it comes at no surprise that 80% of hacking-related breaches are linked to passwords (Verizon).
A passwordless approach solves the issue of shared passwords
If online vendors offered a passwordless solution that used device-based biometrics, effectively removing passwords from the entire process then service providers could ensure that for every account there is only one intended user. More than that, service providers could more accurately monitor and personalize their user journeys leading to more potential revenue.
The end of the password era
While the password may have ruled for 70 years, the introduction of device biometrics and WebAuthn is a clear signal that the password regime is (finally) over. Since the introduction of the password, everything in the industry was built around it – directories, authentication, account takeover detection, single sign on and IDP. But now, thanks to Apple for creating usable biometrics and the introduction of WebAuthn we can usher in a new method of authentication.
The end of the password era will undoubtedly make the online world a more secure place but that’s not the only thing it will positively impact. Now that businesses are free from passwords and their detrimental implications they can focus on improving and optimizing their customer experience – which ultimately improved business, customer loyalty and revenue.
Mickey Boodaei, CEO & Co-Founder of Transmit Security
“The death of the password is the beginning of a much improved customer experience that will positively influence the top line and bottom line of every business.”
Given the current state of authentication, Transmit Security set out to create a solution that would solve the complexities around passwords for both customers and vendors. BindID is the industry’s first app-less mobile authenticator that uses FIDO2 certified built-in device biometrics for reliable and consistent customer authentication across every device and channel.
Using innovative technology, customers are able to experience a truly passwordless method of authentication. With passwords out of the equation, every account created can only be accessed by the intended user via their unique biometric profile.
Get the report
Ready to learn more about the impact of passwords on your business, bottom line and revenue? Download our report today!