User convenience or security? The truth is you can have both.

June 7, 2019
Category: Mobile Identity
Author: Harry Cheung

It is a common misconception to view UX and security as opposite ends of a spectrum. If you want to ensure long-term market success, you need to offer products that provide both.

Today, it is the demand for your product that dictates and shapes your market share. And this demand is defined largely by how secure and convenient your product is. This holds true for companies in any industry, from fintech to telcos to healthcare.

While telcos grapple with OTTs to woo the favor of customers who seek on-demand, high-quality content, finance companies face data breaches. Meanwhile, healthcare providers are looking for ways to modernize services and protect user privacy. So what is the key? How do you bridge the gap between user security and convenience?

Not “Either/Or”, but “Both”

Going forward, the only way you can keep up with users’ demands is to build a product that is both secure and easy to use.

And this is done through solid user authentication.

But there is an obstacle here that needs to be addressed first: the spectrum mentality and the constant compromising it causes. Balancing between user convenience and security is a dangerous approach. It is fraught with chances of serious security breaches and material repercussions.

Unfortunately, this mentality has shaped most authentication methods available in the market. Just take a look at the most common ones today: it boils down to having to choose between a convenient authentication method and a secure one.

For starters, header enrichment doesn’t interrupt the user flow, but its security rests solely on visible, human-readable snippets in the URL.

On the other hand, OTP SMS is ostensibly more secure. And still, there are numerous cases where just a bit of social engineering gave hackers access to SIM data and users’ credentials. Plus, it has become relatively easy to gain access to the SS7 system and reroute texts containing one-time passwords.

Meanwhile, tokens and third-party apps are more robust and secure but they lead to user fatigue and frustration. In turn, this often leads to cart abandonment and high dropout rates.

Finally, biometrics is more convenient, but cases of identity theft via 2D masks have raised serious doubts about the credibility and security of these methods.

Reconciling UX...

Whichever of the two paths you choose, sooner or later down the road you, and your users, will need to bear some risk. The question is how much risk you are willing to take.

After all, user authentication is supposed to protect personal data, whether it’s finance, health, relationships, or entertainment. There is simply no room for jeopardy.

If you choose user experience, you are running a risk of endangering customer data. Using a biometric solution can surely speed up the authentication process, making it easy for the user to log into bank accounts or unlock smartphones.

However, this method works until it doesn’t. People have been locked out of their accounts as a result of a false negative, the scenario in which the real owner is not recognized because the software fails to authenticate them. This could happen for a number of reasons, in some cases simply because of dry palm skin or sweaty hands.

As for header enrichment, suffice it to say, it’s slowly but surely becoming illegal and obsolete, so much so that Google and Apple stores won’t allow access to their services to any solution that rests on it. It is one of the most convenient solutions out there, as the user doesn’t even know they’re being authenticated. But with such high stakes, there’s really nothing to balance here. This method is plainly bad.

… and Security

On the other hand, going for security now seems like a more sensible option. But the issue with these solutions is that they cause customer fatigue.

The average customer today judges an app by how quickly and easily they can get access to content, be it 4K video streaming or money transactions. Multifactor authentication solutions can quickly become tedious for an average consumer, as they disrupt their journey and cause frustration.

And there’s an even bigger problem than being frustrated by an app.

Secure but user-unfriendly solutions can encourage risky consumer behavior.

Wishing to speed up the process, customers will be tempted to circumvent it altogether, and most often they give in. This can expose not just their own data to hackers but also the entire network, including other users and your own assets, to a cyber attack. Once a hacker is “in”, it’s a matter of time before the entire system starts collapsing.

Don’t Tip the Scales

So how can you balance user convenience and security?

You can’t and you shouldn’t.

You should strive to provide both. It’s a matter of necessity—the apps of today need to be both secure and convenient.

The path you should take is to not build in a silo. The days of hoarding assets and data are gone. You can’t win the market by yourself as an operator or a merchant. But you can pair up with other providers and network operators. You can exchange data and expertise to jointly create a seamless customer journey that’s well defended from hacker attacks.

Over recent years, mobile-based authentication has been gaining traction worldwide. It’s steadily shaping up to be the choice for user identity protection. And the main reason for this is that it allows both ease of use and user safety. It’s possible to allow users to access all vital data through a secure, impregnable connection via a single tap login.

The first step to get there is to stop thinking in terms of balancing. Because balance means having a compromise between UX and security. IPification means having both.