Acquisition and Retention: How Does Authentication Impact Each?

Categories: CIAM

What is acquisition & retention?

Customer acquisition and retention are essential to businesses’ profitability. All companies need to be able to attract customers (acquisition), and ensure that customers have a positive experience and don’t leave their business for a competitor (retention).

For digital businesses, the user registration and authentication processes have a dramatic impact on customer acquisition and retention. If it is painful to sign up for or log into an online account, users will simply give up and take their business elsewhere, and the business loses the chance to retain a hard-won customer.

How does authentication impact customer acquisition?

For digital businesses, user registration and authentication are an important part of the customer acquisition process. Users need to create an account on the company site to access a company’s products and services in the first place.

In many cases, this registration process is painful and time-consuming for users. Some of the major sources of friction that users face during the registration process include password creation and multi-factor authentication (MFA), especially MFA that requires a second device for one of the factors.

Password creation hurdles

Many digital businesses use passwords for authentication, so passwords are a core part of the account creation process. Some of the pain points of the password creation process include:

  • Password fatigue: The average person has 191 passwords to remember, so it’s human nature to reuse passwords. The need to create yet another password causes significant friction, especially if an organization attempts to enforce password uniqueness requirements.
  • Password complexity: A common annoyance for users with password creation is a password complexity requirement. Non-random passwords are more easily guessed by attackers, so businesses mandate that passwords meet certain requirements, often having a certain combination of letters, numbers, and symbols. 

The complexity of creating a valid password that is acceptable to a site causes serious damage to the user experience. Our own research found that 67% of online shoppers said that password requirements have stopped them from creating an account on a site altogether. 

Multi-factor authentication obstacles

MFA is essential to bolstering the security of password-based authentication systems where weak and reused passwords can be easily guessed by an attacker. MFA requires a second factor in addition to a password, such as “something you have” or “something you are.”

While requiring MFA is a security best practice, the most commonly used forms of MFA add further friction to the user experience. Major pain points include:

  • Need for multiple devices: Most MFA systems use a “something you have” factor as the second factor for user authentication. This means that creating a new account requires users to have access to their smartphones or other secondary devices.
  • MFA setup processes: For MFA to be effective, users need to prove that they control the second factor. This often means waiting for and typing in a one-time code from a text or email, verifying ownership of a smartphone or tablet via a push notification, or scanning QR codes to set up an authenticator app.

By adding steps to the registration process, common approaches to MFA hurt the user experience and can lose customers.

How does authentication impact retention?

Customer acquisition is a one-time event, but continued profitability requires a business to retain its existing clients. Once again, user authentication plays a crucial role in customer retention. Some of the main sources of friction that hurt retention include:

  • Login issues: Users expect to have quick and easy access to their online accounts. Any issues with the login process, such as a delayed one-time passcode or a forgotten password, can cause a user to give up and go elsewhere.
  • Password resets: Password resets are a long and painful process, requiring a user to request a reset email, wait for it to arrive, and go through the process of creating a valid password all over again. One in four online shoppers were willing to abandon a cart of $100+ if they had to reset their password to check out.
  • Account security: Data privacy and security have become a major consideration for consumers when choosing between products. Data breaches that expose users’ login information hurt brand trust and reputation and force users to go through a password reset process. A survey of ours found that 70% of customers have stopped using a service because of a publicized breach or a breach that happened to them.

Painful login and recovery processes drive away a company’s customers. Improving retention requires streamlining the authentication process.

How does passwordless authentication improve both?

Many of the hurdles that authentication causes for customer acquisition and retention stem from the fact that most companies use password-based authentication systems. Solving the authentication problem requires a change of tactics, like shifting to passwordless authentication.

Passwordless MFA uses a combination of digital certificates stored on a device and biometrics to authenticate users. This provides significant advantages, including:

  • Faster registration and login: With passwordless authentication, users don’t need to create and remember a valid password. To sign up, the user simply clicks a time-based link sent to their email, which generates a public/private key pair and certificate in the background (with no certificate management for companies). Logins are seamless, because they use a local device biometric, and secure, because every authentication leverages invisible MFA with only unphishable factors.
  • Improved security: Passwords are a weak, completely compromised authentication method, and traditional forms of MFA provide little added security with insecure factors like SMS text messages, one-time codes, magic links and push notifications. Using these insecure factors can lead to breaches, resulting in remediation costs and the loss of customers. Passwordless MFA completely removes the password and uses only unphishable factors, which cannot be easily compromised, eliminating account takeover fraud. Even the US Government agrees, as it recently explicitly stated that passwordless MFA is where we should be moving to and that phishable MFA won't cut it anymore.
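The registration and login flow described in the list above can be sketched as follows. This is an added example, not the vendor's code or API: the function names, the `|`-separated link token format, the 10-minute lifetime and the choice of Ed25519 are all assumptions, and the device biometric that would gate use of the private key is not modelled.

```javascript
// Added example: constructed names and values, not a vendor API.
const crypto = require('node:crypto');

const LINK_KEY = crypto.randomBytes(32);  // server-side secret for enrollment links
const users = new Map();                  // email -> public key (PEM); no password is stored
const pending = new Map();                // email -> outstanding login challenge

// Server: issue a time-limited enrollment token to embed in the emailed link.
function issueLink(email, now, ttlMs = 10 * 60 * 1000) {
  const body = `${email}|${now + ttlMs}`;
  const mac = crypto.createHmac('sha256', LINK_KEY).update(body).digest('hex');
  return `${body}|${mac}`;
}

// Server: accept the device's public key only if the link is authentic and unexpired.
function enroll(token, publicKeyPem, now) {
  const [email, expiry, mac] = token.split('|');
  const expected = crypto.createHmac('sha256', LINK_KEY).update(`${email}|${expiry}`).digest('hex');
  const a = Buffer.from(mac || ''), b = Buffer.from(expected);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b) || now > Number(expiry)) return false;
  users.set(email, publicKeyPem);
  return true;
}

// Server: send a fresh random challenge for each login attempt.
function startLogin(email) {
  const challenge = crypto.randomBytes(32);
  pending.set(email, challenge);
  return challenge;
}

// Server: verify the signature over the outstanding challenge, then discard it.
function finishLogin(email, signature) {
  const challenge = pending.get(email);
  const pem = users.get(email);
  pending.delete(email);                  // single use: a captured response cannot be replayed
  if (!challenge || !pem) return false;
  return crypto.verify(null, challenge, pem, signature);
}

// Device: the key pair is generated locally; only the public key is sent to the server.
function newDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge) => crypto.sign(null, challenge, privateKey),
  };
}
```

The server's `users` map holds only public keys, so a dump of it gives an attacker nothing to log in with and forces no credential reset.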

A company’s website or application is the face of the digital business, and account creation and login are the first step of every user interaction. Eliminating friction and pain points is essential to improving the customer experience and maximizing acquisition and retention. You do not need to sacrifice user experience for security; with modern MFA you can have both.
