Account Recovery Sucks!
Hi. Welcome. My name is Jing. I'm the senior product marketing manager here at Beyond Identity, and today, we are going to talk about why password-based account recovery sucks. So let's get started.
You have a user. The user came to your app. Amazing. They wanna do something with your app. Typically, that involves a transaction. That's why you see a shopping cart there. But what happened here? They forgot a password. This is a typical reset screen, right? You provide your email, you click next. Then what happens? Well, the user actually is pushed out of your application to their email provider. Now, there's some security vulnerabilities with this email because it's protected by a password, attackers can still hack into this email. So the entire security of this user's account is now reliant on this email, right? So that's the first issue.
Let's say they click the link in the email. Now they're faced with the password reset entry page, right? What do you want your new password to be? What happens a lot of times here is it can't be a previously used password, it needs to meet all of these password requirements, which creates a lot of friction in the user experience. So what happens to the user, right? They actually just drop off.
In fact, what was supposed to be a frictionless transaction, now this transaction just might not happen. In fact, 70% of users according to research drop off if they have issues with their password reset. This represents a tremendous loss of revenue for the company because you already got a user there. They were ready to transact and you lost them at reset.
What's more, you are also losing a lot in operational costs in the form of support calls. So your support teams are overloaded with password reset calls, customer satisfaction falls, and the transaction isn't completed. This is a problem with the traditional password reset, right?
So at Beyond Identity, we looked at this and said, "You know what? If we can just get rid of the password, we can get rid of the password reset." That means your support desk no longer needs to field all of these reset calls all day every day, and your customers can have a better journey to transact within your application. If, you know, a customer wants to add additional trusted devices, they can extend their credential using a QR code or they can reenroll in password lists should they lose all their trusted devices.
I would encourage everyone to check us out at www.beyondidentity.com and see a demo of how our secure customer solution works. Thanks.