Is your mobile authentication and phone verification option responsible for the drop-off rate?
Logically speaking, the majority of your mobile app sign-in drop-off rate has to be caused by the sign-in process itself. Did you know that 60% of users feel they are occasionally, frequently, or always slowed down or blocked from accessing services online?
The case is similar to the onboarding process itself. To illustrate, 43% of users simply abandon an onboarding process due to the friction related to proving the identity and/ or verifying their phone number, and that’s before they even start using the service.
We have to take the fact that this is your mobile app that we’re talking about out of the equation and ask you – can you relate to them? It’s no secret that mobile authentication and user verification methods can be extremely tedious.
We all know the feeling – you want to register or use an app again, but you have to go through user verification. Almost always, this will include either passwords or SMS OTP, and whichever it may be, the experience just might be causing too much friction.
Is it enough friction to single-handedly be responsible for the drop-off rate? Let’s investigate!
Are passwords and SMS OTP responsible for your sign-up and sign-in drop-off rate?
If you’re reading this post, chances are you already understand how crucially important user experience has become online, and this is true for every industry.
As far as mobile authentication goes, 70% of users prefer an authentication option for its ease of use. That right there is the first and main problem caused by passwords and SMS OTP, a user experience that falls short of today’s standards.
To build on that, a one-second delay in page load time causes a 7% loss in conversions.
Now, how many seconds does it take for you to type out your username and password? How many seconds does it take to submit your phone number, wait for the SMS code and re-type the code to verify your identity? A lot more than that.
The fact that 64% of users refuse to use SMS OTP speaks for itself.
Another problem arises when you take into account user attitudes towards digital and mobile identity management. Only 13% of people are satisfied with the way in which their digital identity is managed. Apart from the user experience, their biggest concerns are security and privacy, neither of which passwords or SMS OTP are known for.
Security-wise, passwords are extremely easy to hack. And while SMS OTP may seem more secure, that isn’t the case. The SMS technology carries with it the fatal SS7 technical flaw that can be used to intercept or reroute an SMS with your one-time password. And don’t forget about SIM swapping!
On a similar note, the public image of these two methods isn’t looking so good when tech giants like Google, Microsoft, and Apple are moving away from passwords and SMS OTP with their own authenticator apps. The hacking of the SMS OTP-protect Twitter account of the Twitter founder Jack Dorsey didn’t help either.
Finally, you have to take into consideration that sometimes, the SMS OTP verification method simply doesn’t work. One of our partners, the app CarGo used to experience 12% unsuccessful SMS OTP deliveries. In fact, research shows that almost half of users are permanently locked out of their accounts!
Circling back, are passwords and SMS OTP responsible for the drop-off? We’re going to have to say yes on this one.
Thankfully, with the progression of technology, you can quickly swap those out for more effective authentication and verification solutions.
How App Developers Can Ensure Low Drop-Off Rates
It’s clear that app developers should provide a frictionless user experience, and this is especially true for the first 24 hours after downloading the app.
Did you know that an average of only 14% of users come back to an app after the first 24 hours? What is worse, 60% of users will never use an app if it isn’t used within a week of downloading.
So, how can developers ensure a great, seamless user experience to cut down the drop-off rates? The most significant way to do this is to implement complementary, effective authentication options.
Let’s briefly go through the available authentication options and test their usability from the perspective of user experience.
How long did it take us to log-in using the most common authentication options?
Username and password: 3 – 13 seconds
Not only is the username/ password unsafe, but the user experience isn’t great either. In fact, it’s one of the authentication methods that take the longest to complete.
In our test, typing out the password only takes around 8 seconds. If you have to type out the username or email, too, add an additional 5 seconds on top.
On the other hand, password managers or autofill options come in really handy here. They can cut down the login time to 3 seconds and under. However, while password managers enable users to employ difficult-to-break passwords to increase security, certain risks arise when you put all eggs in one basket.
SMS OTP 2FA: 15 – 45 seconds
SMS 2FA powers the majority of 2FA use cases across mobile apps, although adoption rates prove that the user experience is one of the worst.
Most often, SMS OTP 2FA comes right after passwords so the time needed for this should be added on top of your username/ password time spent.
In our tests, SMS OTP 2FA takes anywhere from 15 seconds to up to 45 seconds, depending on how long it takes until the SMS arrives – if it arrives at all.
Biometrics login: 2 seconds or less
Biometric authentication shines its brightest when it comes to the user experience! By now, we are all familiar with it, we use it daily on our phones, and it just works.
However, biometric authentication comes with certain data privacy concerns, and it makes sense. When someone breaks your password, you change it. But if someone gets ahold of your biometric data, the story takes another turn.
Having that in mind, biometric authentication would certainly help cut down on your drop-off rate, albeit it may not be an ideal solution.
As far as our test, biometrics takes a maximum of 2 seconds to seamlessly authenticate the user (unless it is Face ID while wearing a mask :).
Single sign-on authentication options: ~5 seconds
You’ve been using single-sign-on (SSO) authentication options for some time now.
Think of it as “authentication sharing”. When you’re about to log in or sign up for a service, the OpenID Connect-based protocol redirects you to an identity provider to verify your identity. If you’re logged into the identity provider’s service (most often Facebook, Google or Apple), you will be logged in instantly or if not, you’ll be asked to authenticate.
While the user experience here is great, it’s worth noting that social media SSO only transfers the risks, most of which are still password-based, over to another party. Your user account safety will depend on the third-party and the user themself.
Then there are the privacy risks. While Apple takes this very seriously, the social media SSO options such as Facebook share not only your credentials but your user data too, which has resulted in many data leaks in the past.
In our test, SSO takes around 5 seconds that it takes to transfer over to the third-party and verify your identity. If you don’t have an active session on that third-party, then just add-on the time needed to log in.
IPification, one-click mobile authentication: 1 second
From our analysis, we can see that users today highly value a frictionless user experience, security, and data privacy. And we don’t blame them, there is no reason to make them compromise when there are options out there that can provide all three.
Let us introduce you to IPification, our one-click, passwordless mobile authentication, one-click phone verification, and fraud prevention solution.
We developed IPification to uphold the standards of security, user experience, and data privacy.
The security aspect comes from leveraging the immense power mobile network operator technology offers in the mobile identity space. Mobile network operators install our proprietary GMiD box on their networks, and IPification assigns a unique mobile identity key to each user.
This key is based on the user’s phone number, SIM card, and device data while the user is verified without actually transferring any private data over the network to ensure data privacy. Since the user is only verified against their complete identity key that includes both the phone number and device data, SIM swapping isn’t an issue either.
To top it all of, users are verified in milliseconds with only one click which helps make your onboarding process a piece of cake. As far as re-verification is concerned, IPification is capable of passive re-verification without interrupting the user.
Best of all, it’s able to be implemented within days.
Sounds good? We’d love to tell you more. Schedule a call with us.
