Logging In Sucks!
Transcript
Hey folks, welcome back to all the reasons that passwords suck.
This time we're talking about login. Again, standard login screen. Could be a web app, mobile app, whatever. There's a password. All right. What's wrong with this password? Your user has presumably created it and remembers it, right? Actually no! Forgetting passwords is super common.
Now, you might say OK, for security reasons we're going to limit it to three attempts, or otherwise you have to call support, which increases your operational costs from password resets, and your users typically don't like doing that unless it's a last resort. Or you might say, you know what, I'm going to help you out. I'm going to send you a one-time password, or I'm going to send you a push notification, right? And that's great. Except both of these are phishable factors and require a second device, which again, all of the friction points lead to user drop-off. And if a user drops off at login, user engagement and retention rates typically go down, which hurts business revenue.
On the security side, the password actually isn't offering all that much protection. As we mentioned in our registration video, it's a shared secret, which means that the password can be written on a sticky note. Plus the password is stored in your database. Both of these are vulnerable to attacks, right? In addition, here attackers can run credential stuffing attacks. Here is a bot. They can run bot attacks against this password field, running thousands and thousands of variations to attempt to crack this account. Plus you could run into rainbow table attacks. You could run into notification flooding attacks with these methods. All of that leads to account takeover fraud. Now this costs companies millions of dollars per year.
And the problem is, trust is earned, but is easily lost. So the long-term erosion of brand trust actually goes beyond the immediate remediation costs, and can really eat into your company's long-term revenue and revenue growth. All that to say, eliminating the password means nothing to attack. Bots cannot attack, or try to credential stuff, a field that doesn't exist. Users no longer need to remember anything. They don't need a second device, because this is all conducted via asymmetric cryptography with a private key in the secure enclave of their device. That eliminates shared secrets, and in doing so, you can actually eliminate account takeover fraud.
So, if you want this future for your users, where there's no password, nothing to remember, no second devices to pick up, plus there's no risk of account takeover fraud, you can visit us and learn more or contact us for a demo at www.beyondidentity.com.