“Security, security, security.” It’s so important that I just had to say it three times. Likewise, “password, password, password.”
Security professionals and business owners alike have had it drummed into them over the last few years that password security is of the utmost importance. If you allow users of your website to log in with poor passwords, you are not doing them any favours: you will be encouraging bad habits and increasing the chances that someone else could gain unauthorised access, along with all the headaches that will cause for both you and your customer.
So you go away and ask your web developer to design a login system that requires passwords of at least 13 characters, which have to include numbers, letters (both upper and lower case) and symbols.
Your customers are now far more secure but what happens when they forget that complicated password? After all, the security community is starting to get the message through that they shouldn’t write their credentials on a post-it note stuck to their monitor any more.
Password manager you say? Sure, great idea, but how many ‘average’ people do you know who actually use one? I know of very few myself and, even then, I’ve seen the master password forgotten countless times.
I guess that shouldn’t be a problem though – you can just get your customers to reset their login credentials or answer some secret questions in order to set a new password. But is it that simple?
According to a recent survey by Ping Identity, it certainly isn’t that simple, and consumers can be quite fickle when it comes to making purchases on the web.
The company discovered that around 80% of consumers have locked themselves out of websites due to forgetting their login details – an affliction known as password amnesia – and over 20% of customers relied heavily upon continual password resets, which would suggest that they are either setting passwords that are too hard to remember or just have so many that they cannot recall them all.
The survey of 1,000 UK computer users also discovered that 71% of consumers had given up on registration documents, with 77% of those citing the fact that they were too long and 58% saying that the form required too much personal information from them. Around a fifth of those surveyed were annoyed that company websites couldn’t remember them from one visit to the next.
“With more than half of respondents logging into an online shopping site with a password up to five times a day, this login barrier could cost businesses dearly,” said Andrew Hindle, director at Ping Identity. “E-tailers need to make the registration and payment process as seamless as possible for customers – or risk that they will take their custom elsewhere.”
With cost-conscious customers turning to the web for more and more purchases during the recession, they are having to remember more and more passwords and, with recent media attention focusing on web surveillance, they are also becoming increasingly aware of how much information they are giving to the companies they do business with.
These two factors combined make consumers nervous, so this is an area that certainly needs addressing in my opinion, though I don’t see an easy answer. Password managers would be good if we could encourage their use through some sort of security awareness training for the masses, but can business websites help in any way?
I’m not sure, but one thing that is certain is that those who overcomplicate their websites are losing out on much-needed custom.
There is indeed a fine line between security and usability.