Great customer experience, great security or great privacy. Pick one, you can’t have it all — or can you?
As digital applications are developed and evolve, conventional wisdom suggests we need to pick one. And most often, customer experience wins. This remains true despite daily news about another data breach leaking our personal information, including passwords and personally identifiable information, to the Dark Web. Take, for example, Gmail. There are more than 1.2 billion users. Even following hacks like the Equifax data breach of 2017 — where 143 million people had their ‘private’ information stolen — only 10% of Gmail users have enabled Multifactor Authentication (MFA). The other 90% of us hit the easy button. We want convenience. Chalk up another win for customer experience.
For those outside the IT security world, it’s important to know that MFA is almost universally accepted as the best way to secure credentials. A whopping 99% of IT professionals agree, according to a 2016 Wakefield Research study. Top that with knowledge from Verizon’s annual Data Breach Investigation Report that 81% of data breaches start with weak or stolen credentials, and you will begin to understand why cyber security professionals view MFA as the obvious solution.
Contrast this cyber and privacy conundrum with the fact that product design is driven by a passion to deliver a user experience that engages customers. The UX, often referred to as customer experience, can be the differentiator that delivers growth for an organization. It drives product design. Gartner research shows that 50% of consumer product investments will be redirected to customer experience innovations. Product managers are reluctant to enable features that negatively impact CX. As organizations grasp onto any opportunity to engage employees and customers at higher levels, they are trying to make things easier, better. A primary goal is convenience. From the perspective of access and authorization, MFA often just gets in the way. It interrupts. It distracts. It undermines.
How do companies build privacy and security into their products, then, when their customers prefer to bypass MFA as a nuisance or inconvenience? In the case of Google (and most banks), they make MFA optional. They force their customers to choose: Great customer experience, great security or great privacy — pick one, you can’t have them all.
Perhaps that satisfies compliance requirements and regulatory scrutiny — but it doesn’t do 90% of Google users any good. Odds are that they really need additional security and privacy. According to Google, more than 17% of users admit to reusing passwords across accounts, making them vulnerable should other accounts be breached. This number is actually very low. Wakefield Research conducted a study in 2017 showing that 81% of Americans reuse passwords. Even without shared password breaches, Google identified more than 67 million valid account credentials that were already available on the Dark Web. For what it’s worth, Google is doing some very good work to combat this through a layered defense-in-depth approach to security. Safe Browsing, Dynamic Verification, and Smart Lock, for example, provide additional layers of security, or Adaptive Risk Analysis, even for those who have not enabled MFA.
However, some people loathe the thought of giving Google their phone number (required to enable MFA) or anything else associated with their identity. They see Google Ads that are obviously tracking their browsing history. They understand Google sells ads based on the accumulation of data. They get creeped out by what Google knows about them. They wonder who owns their identity. They worry about their privacy.
Increasingly, regulations are being introduced based on privacy concerns and the failure of business to adequately protect individuals. The most comprehensive privacy regulation in the world, the General Data Privacy Regulation (GDPR), came into full force in May 2018. Companies that are subject to GDPR need to take security and privacy to a higher level. Where customer experience has pushed privacy and security to the back seat, regulators have stepped in to protect consumers.
This has been the driving force behind Intensity Analytics. We believed that we could deliver on the promise of privacy and security without negatively impacting the customer experience. We have invested millions of dollars in research and development to achieve this goal. By applying our patented machine learning algorithms and artificial intelligence engine to the effort you make on a device, we have developed the capability to positively identify a unique individual without violating privacy and without requiring the user to do anything new or different. It’s easy; just enter your password.
Our approach to MFA and Adaptive Risk Analysis measures the effort you make when typing your password. Our results can positively identify you as the user, as accurately as a fingerprint. Only we don’t capture any PII like a fingerprint or Face ID would. In fact, we don’t even capture the text — only your effort in typing. When faced with the choice of great customer experience, great security or great privacy, you can pick one, or you can pick TickStream® by Intensity Analytics and have them all.
Keywords: Customer Experience, User Experience, CX, UX, Security, Cybersecurity, Privacy, GDPR, Passwords