6 rules to follow to provide a simple and secure login experience
A user-friendly login experience that is as secure as it is straightforward, is something that is often taken for granted and getting it right is not always as simple as it looks. This article explores the things you need to consider to make sure users get the experience they want, as well as the security they need.
Why is the login UX so important?
The login UX process is first and foremost a matter of trust. Do your users trust the security of their data? And can you trust the systems and processes you have in place to keep malicious threats at bay?
Alongside these concerns, there is also the question of UX – after all, your security may be top-notch, but if your users find it hard to navigate, they simply won’t bother. For a login journey to be deemed successful, you’ll need to find the sweet spot where security and UX meet. Here are six rules that can make all the difference:
Connection UX: 6 rules to make a difference
1. Protect your user’s identity with two-step authentication
Web security is undoubtedly important and when it comes to the login process it’s something that has to be taken seriously.
With 80% of password breaches¹, it’s clear they are no longer an effective way to counter the many sophisticated ways that cyber criminals operate: you and your users need extra security to avoid a breach.
One of the easiest ways to create this “extra layer of security” is to use multi-factor authentication. You will hear about 2FA or MFA. With these kinds of methods, a stolen password for example will not allow a malicious person to access the account.
Companies of any size can gain from implementing two-step authentication, so it’s perhaps not surprising to learn that its use is growing: with 77% adoption in the UK, vs 67% in the US². SMS is the most common factor used in those two-step authentication experiences (85%), followed closely by email (58%) and mobile passcode (44%)². Quite simply, it makes sense to reduce the risk of security breaches by implementing strong authentication (MFA), or two-step authentication (2FA).
2. Offer a passwordless login UX
For some time now, Microsoft has been telling us that the adoption of passwordless methods is on the rise – with a reported 150million people using passwordless methods each month by May 2020.³
That number has no doubt risen and offering passwordless login is about more than just user preference – in fact, it has a vital role to play in reducing security risks as well.
From a user perspective, it’s often a positive not to have to remember another password and with phishing, hacking and other malicious cyber-crimes on the rise, making sure passwords aren’t compromised is increasingly difficult.
Passwordless UX login means there are no passwords to lose or have stolen and thus the likelihood of a major security breach is greatly reduced. Other benefits to businesses include – a better user experience overall and reduced IT time and costs. Although it’s not always achievable for every business, it should be considered the gold-standard.
3. Allow your users to use any device to authenticate their login
For most users, when it comes to priorities, convenience is right up there with security, which is why it’s important for users to be able to use any device to authenticate their login. This could be using personal mobile phones, or a tablet in addition to a laptop or desktop.
Once it’s set up, this is a straightforward process, and dramatically improves a users’ connection experience. This is super important, since the biggest issues for many users when it comes to sign in pages is complexity – worst case scenario, it can result in a complete loss of login intent.
By simplifying the UX experience, it's possible to provide the convenience users want, thereby increasing trust and ensuring your users can access the information they need from virtually anywhere.
4. Give your users the gift of autonomy – allow them selfcare management
Now this is where both you and your users will find tangible benefit.
Gartner found that between 20-50% of all IT help desk calls are for password resets, and helpdesks receive on average, 21 calls per user, per year.⁴
So, by giving users the ability to find solutions to their issues quickly and efficiently and without having recourse to a service centre or call staff, they will be pleased to avoid yet another helpdesk call and you will benefit from a reduced contact load and a less time-consuming approach to issues management.
While not every issue can be dealt with in this way, it’s definitely a straightforward way to solve some of the most often cited annoyances when it comes to the login journey and the benefits you’ll reap from a UX perspective mean that it’s worth the initial set up time and expenditure.
5. Adapt the connection path with contextual rules
Context based rules are a form of adaptive authentication. Quite simply, this is another way to prevent unauthorized access to systems, by authenticating a user based on the level of risk they present during their attempt to login.
This could include permissions based on the device being used, the IP address or other factors such as location and role. Multi-factor authentication (such as that described in the first point above) is a vital part of this process.
6. Streamline user authentication across applications
Finally, it’s advisable to streamline user authentication across all apps. Single sign-on (SSO) is one way to do this.
You’ll be able to maintain a high level of clarity for users about what to expect and the steps they need to take to login, all while building familiarity and reducing the likelihood of user error and customer service contacts.
The golden rule is: the less time it takes to connect, the better.
As a general rule of thumb, the less time spent logging in, the better and to ensure an efficient process, your users need to be able to focus, know exactly which information they need to provide and the means necessary to do so.
Whether it being for internal or external users, don't neglect the login UX any longer
It’s clear that the login page is fundamental to the user experience of your internal and external applications. Therefore, it makes sense to invest time in making sure that it is optimal. While these six rules are likely to make a huge difference, it is worth remembering that it is useful to design your page in such a way that it is visually appealing but without any distractions that may hinder the user’s login.
This important login step, which allows users to access your internal and external applications, needs to be simple to help you achieve your overall business goals. The service offered by TrustBuilder can help by providing high security multi-factor authentication that will ensure your users get the simple, design (custom branded) and secure login they deserve.
Source:
(1) https://secureframe.com/blog/password-statistics
(2) https://www.channele2e.com/technology/security/two-factor-authentication-2fa-adoption-surges/
(3) https://www.zdnet.com/article/microsoft-150-million-people-are-using-passwordless-logins-each-month/
(4) https://www.helpnetsecurity.com/2019/04/12/password-less-security-benefits-helpdesks/
