
Frictionless Authentication Across eCommerce, Media, Travel, and Fintech Industries


As we're fond of saying at Beyond Identity, passwords stink. Not only are they inherently insecure, but they're also a source of friction within the authentication process. Every user has to stop, enter a password (that they hopefully remember), and possibly perform other actions to gain access, like entering a one-time passcode (OTP) or clicking a push notification. 

It's not a user-friendly experience.

Frictionless authentication describes an authentication experience that is seamless and light for the user, and it typically involves removing the password. Other methods include progressive profiling and social logins.

However, there are degrees of friction reduction and not all authentication methods are as frictionless as they claim. For instance, replacing the password with a one-time passcode (OTP) requires the user to pick up a second device if they're trying to gain access on a web browser, which actually increases friction.

Some methods of friction “reduction,” such as social logins, simply shift the responsibility for security to a third-party platform and still rely on the customer remembering and typing their password. If you use your Facebook account to log in, for instance, an attacker only needs to compromise a single credential to gain access to all the accounts you used with it. Plus, many customers may not remember the passwords to their various social accounts.

Your authentication methods matter

Beyond Identity completed a study earlier in 2021 looking at the adverse effects of password-based authentication on the customer experience across customer acquisition, conversion drop-off, and retention. The findings were conclusive: the password is a significant pain point.

Two-thirds of those surveyed said that password requirements stopped them from creating an account. While this may not seem that problematic, given most online retailers allow customers to check out as a guest, 82% were more likely to complete a purchase if they had an account with the vendor.

But getting customers to register for an account is half the battle: once in, consumers are hindered by passwords. Thirty-nine percent of respondents said they often or always abandon their carts due to password recall or recovery issues, and over three-quarters of those surveyed report abandoning their cart due to difficulties in resetting passwords.

Another issue is "password fatigue," which nearly nine in ten of those surveyed reported experiencing. Vendors are using more rigorous authentication methods to increase security, but this puts more onus on the customer to adhere to cumbersome security policies like requiring a second device or remembering long, complex passwords.

If your primary authentication mechanism is the password, you're only contributing to your users' overall fatigue with modern online authentication. Frictionless authentication done right addresses all of these pain points and eliminates the possibility of compromised accounts due to weak or stolen passwords.

Frictionless authentication in practice

We believe four industries could benefit most from frictionless authentication solutions. Each has its own set of needs and concerns surrounding authentication, and in each, any friction in the process could affect the bottom line.


eCommerce

Getting your customer to part with their hard-earned money is difficult. The key to success in eCommerce is not only to draw them in but to get them to convert. The checkout flow is key to this success. Frictionless authentication makes the checkout process seamless and quick.

There's also another added benefit, and that's fewer guest checkouts. Our survey also found that 58% favor checking out as a guest. While offering guest checkout options is a necessary evil, offering a passwordless authentication option may result in more account registrations, allowing you to personalize product recommendations and build long-term brand loyalty with a known customer.


Media

It's likely happened to you at least once: you’re logging in to watch your favorite streaming service and for whatever reason you've been logged out. You have to re-enter the password, which is an annoying and time-consuming process if you’re not on your computer.

Using frictionless authentication here is a no-brainer. At registration, a passwordless credential is created, and every time the user wants to log in after the initial registration, a true, zero-friction passwordless authentication takes seconds without the need for second devices, codes, or push notifications.

Since many media companies deliver content across web and native applications, a single frictionless authentication experience should support all applications across every device, increasing cross-platform engagement.

Frictionless authentication for media companies means customers can flexibly extend their passwordless credentials across multiple devices so they can access content everywhere and not have their experience disrupted. Plus, with each device cryptographically tied to an identity, companies have the ability to control how many devices can be attached to a single account.


Travel

The travel industry has undergone a digital transformation in the past few years, with tickets and reservations increasingly, and in some cases completely, going digital. With this in mind, the worst thing that can happen from a customer experience standpoint is an authentication issue when pulling up their ticket or reservation at the moment they need it.

Frictionless authentication would make this a thing of the past. The traveler has already identified themselves through biometric authentication (facial recognition, fingerprint, etc.) on the device, and with device-based credentials there's no need for the traveler to go through a password or MFA hoop to get where they need to be.

Moreover, passwordless authentication that completely deprecates the password, including for recovery, allows you to completely protect travelers and guests from credential-based account takeover fraud. 


Fintech

Authentication methods at financial institutions are appropriately strict. They're dealing with customers' assets and must be vigilant for fraudulent transactions. Multi-factor authentication (MFA) is the most common method to protect customers' accounts, and stricter password policies than most online services are common within fintech.

But as we've said before, MFA adds friction to the process, and no matter how strict you make the password, it's still insecure (just ask Coinbase). Authentication issues are a significant driver of customer support calls, so switching to frictionless, passwordless authentication will simplify logging in for the user while also increasing security.

Competition in the fintech space is increasing, and companies compete primarily on the basis of user experience. A frictionless flow at critical parts of the user journey, combined with stronger login security, helps accelerate acquisition and establish your product advantage over competitors vying for the same user.

Beyond Identity makes the authentication process simple

While we've specifically called out these industries as some of the most well-suited for frictionless authentication, no matter what industry you're in, your customers will both benefit from and respond to a simpler and quicker authentication experience.

Beyond Identity's customer authentication solution makes zero-friction passwordless authentication simple. Upon enrollment, Beyond Identity immutably binds the user’s identity to their device, leveraging proven asymmetric cryptography.

During login, instead of passwords, we authenticate customers using only strong factors compliant with PSD2 Strong Customer Authentication requirements — “something you are” from the local device biometric and “something you own” from possession of the tamper-proof private key that never leaves a user’s device. Passwords are never used during registration, login, or recovery which means that you never have to store a shared secret in your application database.
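The general pattern behind a device-bound credential, as an added example (not Beyond Identity's code or protocol): the server keeps only a public key per enrolled device, caps devices per account as the Media section describes, and verifies a signature over a fresh single-use challenge. All names here (`createDevice`, `enroll`, `startLogin`, `finishLogin`, `MAX_DEVICES`) are hypothetical, and the key lives in process memory where a real device would use hardware-backed storage unlocked by the local biometric.

```javascript
const crypto = require('node:crypto');

const MAX_DEVICES = 2;       // assumed per-account device cap
const accounts = new Map();  // user -> Map(deviceId -> public key PEM)
const pending = new Map();   // challengeId -> { user, nonce }

// Device side: the key pair is generated locally; only publicPem is ever sent.
function createDevice(deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    deviceId,
    publicPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // The biometric unlock would gate this call on a real device (not modeled).
    sign: (nonce) => crypto.sign(null, nonce, privateKey),
  };
}

// Server side: enrollment records a public key, never a shared secret.
function enroll(user, device) {
  const devices = accounts.get(user) ?? new Map();
  if (devices.size >= MAX_DEVICES && !devices.has(device.deviceId)) return false;
  devices.set(device.deviceId, device.publicPem);
  accounts.set(user, devices);
  return true;
}

// Server side: issue a random challenge for this login attempt.
function startLogin(user) {
  const id = crypto.randomUUID();
  const nonce = crypto.randomBytes(32);
  pending.set(id, { user, nonce });
  return { id, nonce };
}

// Server side: verify the signature against the enrolled device's public key.
function finishLogin(id, deviceId, signature) {
  const challenge = pending.get(id);
  pending.delete(id);  // single use: a replayed response finds no challenge
  if (!challenge) return false;
  const pem = accounts.get(challenge.user)?.get(deviceId);
  if (!pem) return false;  // device was never enrolled for this user
  return crypto.verify(null, challenge.nonce, pem, signature);
}
```

A database leak in this model exposes public keys only, which cannot be used to produce a valid login response.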

Since what doesn’t exist cannot be stolen or compromised, Beyond Identity Secure Customers makes it possible for you to completely protect customers from account takeovers caused by password-based attacks. Plus, we deliver granular user and device risk signals in real time so you can enforce an adaptive step-up authentication policy only when risk levels justify additional verification. The best part is that our passwordless platform can be implemented using just a few lines of code.

Looking to improve the customer experience around authentication and ready to ditch the insecure password? We'd love to show you how Beyond Identity can free your customers of password fatigue and help you keep malicious actors out. Ask for a demo today.