CIAM
CIAM
Resources
Blog
Account Recovery Sucks!
CIAM

Account Recovery Sucks!

Written By
Published On

Transcription

Hi. Welcome. My name is Jing. I'm the senior product marketing manager here at Beyond Identity, and today, we are going to talk about why password-based account recovery sucks. So let's get started.

You have a user. The user came to your app. Amazing. They wanna do something with your app. Typically, that involves a transaction. That's why you see a shopping cart there. But what happened here? They forgot a password. This is a typical reset screen, right? You provide your email, you click next. Then what happens? Well, the user actually is pushed out of your application to their email provider. Now, there's some security vulnerabilities with this email because it's protected by a password, attackers can still hack into this email. So the entire security of this user's account is now reliant on this email, right? So that's the first issue.

Let's say they click the link in the email. Now they're faced with the password reset entry page, right? What do you want your new password to be? What happens a lot of times here is it can't be a previously used password, it needs to meet all of these password requirements, which creates a lot of friction in the user experience. So what happens to the user, right? They actually just drop off.

In fact, what was supposed to be a frictionless transaction, now this transaction just might not happen. In fact, 70% of users according to research drop off if they have issues with their password reset. This represents a tremendous loss of revenue for the company because you already got a user there. They were ready to transact and you lost them at reset.

What's more, you are also losing a lot in operational costs in the form of support calls. So your support teams are overloaded with password reset calls, customer satisfaction falls, and the transaction isn't completed. This is a problem with the traditional password reset, right?

So at Beyond Identity, we looked at this and said, "You know what? If we can just get rid of the password, we can get rid of the password reset." That means your support desk no longer needs to field all of these reset calls all day every day, and your customers can have a better journey to transact within your application. If, you know, a customer wants to add additional trusted devices, they can extend their credential using a QR code or they can reenroll in password lists should they lose all their trusted devices.

I would encourage everyone to check us out at www.beyondidentity.com and see a demo of how our secure customer solution works. Thanks.

Get started with Device360 today
Weekly newsletter
No spam. Just the latest releases and tips, interesting articles, and exclusive interviews in your inbox every week.
Popular blogs
Are Account Moochers Putting Your Money at Risk? [Survey]
Learn more →
Lost Value in Customer Authentication Frustration [Survey]
Learn more →
What Brands Get Wrong About Customer Authentication: Why It's Imperative to Get Customer Authentication Right
Learn more →

Account Recovery Sucks!

Download

Transcription

Hi. Welcome. My name is Jing. I'm the senior product marketing manager here at Beyond Identity, and today, we are going to talk about why password-based account recovery sucks. So let's get started.

You have a user. The user came to your app. Amazing. They wanna do something with your app. Typically, that involves a transaction. That's why you see a shopping cart there. But what happened here? They forgot a password. This is a typical reset screen, right? You provide your email, you click next. Then what happens? Well, the user actually is pushed out of your application to their email provider. Now, there's some security vulnerabilities with this email because it's protected by a password, attackers can still hack into this email. So the entire security of this user's account is now reliant on this email, right? So that's the first issue.

Let's say they click the link in the email. Now they're faced with the password reset entry page, right? What do you want your new password to be? What happens a lot of times here is it can't be a previously used password, it needs to meet all of these password requirements, which creates a lot of friction in the user experience. So what happens to the user, right? They actually just drop off.

In fact, what was supposed to be a frictionless transaction, now this transaction just might not happen. In fact, 70% of users according to research drop off if they have issues with their password reset. This represents a tremendous loss of revenue for the company because you already got a user there. They were ready to transact and you lost them at reset.

What's more, you are also losing a lot in operational costs in the form of support calls. So your support teams are overloaded with password reset calls, customer satisfaction falls, and the transaction isn't completed. This is a problem with the traditional password reset, right?

So at Beyond Identity, we looked at this and said, "You know what? If we can just get rid of the password, we can get rid of the password reset." That means your support desk no longer needs to field all of these reset calls all day every day, and your customers can have a better journey to transact within your application. If, you know, a customer wants to add additional trusted devices, they can extend their credential using a QR code or they can reenroll in password lists should they lose all their trusted devices.

I would encourage everyone to check us out at www.beyondidentity.com and see a demo of how our secure customer solution works. Thanks.

Account Recovery Sucks!

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Transcription

Hi. Welcome. My name is Jing. I'm the senior product marketing manager here at Beyond Identity, and today, we are going to talk about why password-based account recovery sucks. So let's get started.

You have a user. The user came to your app. Amazing. They wanna do something with your app. Typically, that involves a transaction. That's why you see a shopping cart there. But what happened here? They forgot a password. This is a typical reset screen, right? You provide your email, you click next. Then what happens? Well, the user actually is pushed out of your application to their email provider. Now, there's some security vulnerabilities with this email because it's protected by a password, attackers can still hack into this email. So the entire security of this user's account is now reliant on this email, right? So that's the first issue.

Let's say they click the link in the email. Now they're faced with the password reset entry page, right? What do you want your new password to be? What happens a lot of times here is it can't be a previously used password, it needs to meet all of these password requirements, which creates a lot of friction in the user experience. So what happens to the user, right? They actually just drop off.

In fact, what was supposed to be a frictionless transaction, now this transaction just might not happen. In fact, 70% of users according to research drop off if they have issues with their password reset. This represents a tremendous loss of revenue for the company because you already got a user there. They were ready to transact and you lost them at reset.

What's more, you are also losing a lot in operational costs in the form of support calls. So your support teams are overloaded with password reset calls, customer satisfaction falls, and the transaction isn't completed. This is a problem with the traditional password reset, right?

So at Beyond Identity, we looked at this and said, "You know what? If we can just get rid of the password, we can get rid of the password reset." That means your support desk no longer needs to field all of these reset calls all day every day, and your customers can have a better journey to transact within your application. If, you know, a customer wants to add additional trusted devices, they can extend their credential using a QR code or they can reenroll in password lists should they lose all their trusted devices.

I would encourage everyone to check us out at www.beyondidentity.com and see a demo of how our secure customer solution works. Thanks.

Account Recovery Sucks!

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Subscribe on SpotifySubscribe on Apple

Transcription

Hi. Welcome. My name is Jing. I'm the senior product marketing manager here at Beyond Identity, and today, we are going to talk about why password-based account recovery sucks. So let's get started.

You have a user. The user came to your app. Amazing. They wanna do something with your app. Typically, that involves a transaction. That's why you see a shopping cart there. But what happened here? They forgot a password. This is a typical reset screen, right? You provide your email, you click next. Then what happens? Well, the user actually is pushed out of your application to their email provider. Now, there's some security vulnerabilities with this email because it's protected by a password, attackers can still hack into this email. So the entire security of this user's account is now reliant on this email, right? So that's the first issue.

Let's say they click the link in the email. Now they're faced with the password reset entry page, right? What do you want your new password to be? What happens a lot of times here is it can't be a previously used password, it needs to meet all of these password requirements, which creates a lot of friction in the user experience. So what happens to the user, right? They actually just drop off.

In fact, what was supposed to be a frictionless transaction, now this transaction just might not happen. In fact, 70% of users according to research drop off if they have issues with their password reset. This represents a tremendous loss of revenue for the company because you already got a user there. They were ready to transact and you lost them at reset.

What's more, you are also losing a lot in operational costs in the form of support calls. So your support teams are overloaded with password reset calls, customer satisfaction falls, and the transaction isn't completed. This is a problem with the traditional password reset, right?

So at Beyond Identity, we looked at this and said, "You know what? If we can just get rid of the password, we can get rid of the password reset." That means your support desk no longer needs to field all of these reset calls all day every day, and your customers can have a better journey to transact within your application. If, you know, a customer wants to add additional trusted devices, they can extend their credential using a QR code or they can reenroll in password lists should they lose all their trusted devices.

I would encourage everyone to check us out at www.beyondidentity.com and see a demo of how our secure customer solution works. Thanks.

Book

Account Recovery Sucks!

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Download the book

Download the book

Download the book
suggested resources
Zero Trust
Passwordless
DevOps
CIAM
Workforce
Infographic
Secure Workforce
Thought Leadership
Product
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept