Hey there, enterprise leaders! Are you ready for the ultimate event in AI strategy? Join us at VB Transform, the event trusted by industry experts for almost two decades. Find out more!
Let’s talk about authentication. From passwords to passkeys and a whole range of options like 2FA, OTP, MFA, SSO, and SNA, businesses and customers can’t seem to agree on the best approach. But one thing everyone does agree on is the importance of these tools.
The FIDO Alliance discovered that over half of customers (53%) experienced more suspicious messages and online scams in 2024, especially through SMS, email, and phone calls, fueled by advancements in AI.
Despite the rising cases of fraud and identity theft, with the FTC receiving over 1.1 million reports of identity theft last year, businesses must find a delicate balance between strong security and user convenience.
So, how can businesses achieve this balance and implement effective authentication solutions?
The customer is always right
When it comes to authentication, what works for employees may not work for customers. Implementing WebAuthn as the sole form of 2FA for employees through a company-wide mandate was successful, but customers need more flexibility.
Take my experience trying to book a hotel for my family vacation. Despite finding the perfect room at a great rate on a travel site, repeated CAPTCHA issues led me to book with a competitor. User experience friction, especially during authentication, can make or break a conversion.
Many businesses struggle to find the right balance between security and user experience, with 40% citing reducing friction during account signup as a major challenge.
Customer behavior is hard to change, and businesses must adapt to meet their needs and limitations while understanding that a one-size-fits-all approach won’t work.
A signal-driven future
In the future, authentication will rely more on continuous signals than fixed identity checkpoints like logins or purchases. Businesses can adjust friction levels based on customer behaviors, much like a brake system.
Imagine receiving a promotion from your regular auto shop for new tires. Clicking on the offer should provide a seamless login experience based on your history with the business. However, logging in from a different location should trigger additional identity verification to ensure security.
As we interact with multiple applications without constant logouts, businesses must adopt a zero-trust mindset and implement risk-based authentication that adapts to user activity.
AI adds a new layer of complexity to authentication, especially as we delegate tasks to AI assistants and autonomous agents. Distinguishing between legitimate user actions and malicious bot activities will be a key focus for enterprises.
Authentication: An ‘and’ not ‘or’ proposition
While new authentication methods and regional requirements like Singapore’s Singpass continue to evolve, no single tool will dominate the market. Businesses must offer a variety of options to cater to different customer preferences and ensure the security of each method.
Success in the authentication balancing act lies in providing choices while maintaining security against identity-based attacks. Businesses that navigate this tightrope effectively will lead customers to seamless yet secure experiences.
Connect with Anurag Dodeja, Head of Product, User Authentication, and Identity at Twilio, for more insights.
