Implementing Strong Authentication Does Not Guarantee An Excellent User Experience

Understanding User Expectations And Business Goals Guides Security Posture

Jeff Orr

The traditional password is no longer sufficient to keep hackers out of accounts that hold information whose exposure can cripple any enterprise. Because the typical individual uses only a limited number of passwords, hackers who crack one password can gain access to multiple accounts. Attackers count on this human behavior to build lists of compromised account passwords that can be used for credential stuffing attacks.

A Ponemon Institute/Akamai study, The Cost of Credential Stuffing, surveyed more than 500 IT security practitioners to quantify the potential cost of preventing, detecting, and remediating credential stuffing attacks. According to respondents, the annual financial consequences of these attacks for companies are:

  • $1.7 million - Application downtime
  • $2.7 million - Loss of customers
  • $1.6 million - Involvement of IT security

The IT security response to avoid these attacks is often to lock down web applications with a strong security posture. However, this rarely results in a positive user experience.

The Ponemon Institute study further found that preventing credential stuffing attacks is difficult because the fixes that prevent them affect the web experience for legitimate users. Unable to log in without a lot of friction, users revolt by looking elsewhere for a comparable service or solution.

Multi-factor authentication (MFA) has features and benefits that can help with more secure verification, but it does not mean that user accounts are unhackable. A blended-defense strategy using MFA introduces the potential for fingerprint and voice biometrics, tokens, and other variations to overcome static credentials. Users also have flexibility to select combinations of authentication factors that overcome friction and achieve higher levels of adoption in line with the company’s security posture.

Cyber Security Hub will host a webinar, "Strong Security Vs. User Experience: Finding The Right Balance," to discuss the fine line between maintaining the essential strong security posture for user accounts and ensuring a positive user experience for customers and employees. Security leaders will share their experiences and weigh the pros and cons of different authentication methods.