Security by Design means UX by Design
Smartphones have long been recommended for the convenience they offer, and there’s no denying their tremendous impact on the user experience. As part of a multi-factor authentication solution, while they may be a popular choice, experience has shown that they may not be the most secure way to protect your systems and data. Let’s take a closer look at Smartphoneless.
The combination login/password remains the most used tool to date. However, over time, hackers have developed a wide variety of techniques, which have become increasingly effective, to steal these credentials and usurp identities. In response, the level of requirements for password management has increased significantly:
- Mandatory complexity of passwords (length, characters used, etc.)
- Unique password for each service used
- Automatic logout of accounts/profiles, requiring regular reconnection with the above constraints
To strengthen the password-based security model, the UX has been deteriorated and the idea has been established that more security = more complexity.
Why human behaviour is the main weakness of security
With all these requirements and constraints which come with the login/password combination, it is not surprising that human behaviour is the main weakness of security measures.
Common mistakes?
Use a password that is not secure enough
The famous "123456" and "123456789" are used by 23.6 and 7.7 million people respectively. Other top 5 passwords include qwerty (3.8 million), password (3.6 million) and 111111 (3.1 million). *
Use the same password on multiple platforms / tools
91% of users say they know that using the same password on several sites presents a risk, but 66% of them admit to reusing an existing password to register on a new platform - up 8% compared to the previous study. **
Keeping your password on a post-it or in a text file
3 out of 10 users centralize their passwords on paper. ***
Communicate your password
It is not uncommon to see passwords being sent to a colleague or a relative by e-mail or other means.
Never renew your password
80% of respondents are concerned that their password may be compromised, but 48% never change it if the service they are using does not require it. ***
Do not change your password after being hacked
Only about one-third of users usually change their password after being notified of a data breach. ****
The password security model, which was intended to be more secure, has, in fact, been made more vulnerable by the increasing number of constraints.
It’s by no means a foregone conclusion.
To counteract this trend, the user experience as such must be integrated into the design of the security solution itself.
Combining security and a seamless connection experience
Let’s take a closer look at what solutions on the market offer in terms of connection experience. You’ll be surprised to find that you probably don’t use the easiest, fastest, or even the most secure solution unless you’re a customer of a good strong authentication solution.
| Features | Login/password | Login/password + OTP SMS | inWebo Technology |
| Security | ☆ ☆ ☆ ☆ ☆ | ★ ☆ ☆ ☆ ☆ | ★ ★ ★ ★ ★ |
| Offline mode (connect without mobile network) | ✔ | ✗ | ✔ |
| Fast connection experience (if you remember your password) | ★ ★ ☆ ☆ ☆ | ★ ☆ ☆ ☆ ☆ | ★ ★ ★ ★ ★ |
| Replace complex password with a PIN code | ✗ | ✗ | ✔ |
| Use the same password (or PIN) on multiple sites | ✗ | ✗ | ✔ |
| Connect via a trusted browser (Browser Token) | ✗ | ✗ | ✔ |
| Connection without smartphone | ✔ | ✗ | ✔ |
| Automatic entry of the OTP (no manual entry necessary) | – | ✗ | ✔ |
Security should not be synonymous with complexity! That’s why inWebo provides a smoother user experience while guaranteeing a much higher level of security than any other solution.
User experience beyond connection
Enrollment
In order to make the enrolment simple and fast, inWebo relies on software tokens, which can be deployed in only 3 clicks to tens of thousands of users. With tokens available on computers, tablets, smartphones and browsers (exclusive!), you don’t even have to worry about the equipment of your users. ➜ 99% customer satisfaction and loyaltySelfcare
Users can self-manage their trusted devices, restore their authentication method or enroll themselves on other devices. ➜ Fewer help desk calls and lower maintenance costsMobility, remote work, BYOD
By working on universal tokens, compatible with all types of digital equipment, inWebo allows you to secure all the resources needed to implement any new modern work organization. ➜ Time saving and productivityIntegration and deployment
With hundreds of integrations ready to use, compatibility with all protocols on the market and our API/SDK, inWebo offers all the necessary tools for developers to integrate the solution easily and rapidly, without any modification of their existing technical architecture.When user experience is part of security
Security by Design = UX by Design
As part of a reliable security policy, you need to protect your users’ identities and access without compromising their experience. inWebo Strong Authentication offers the highest security on the market with an approach to the user experience extended to all dimensions of authentication:
- user login
- enrollment
- reset
- admin portal
- integrations
Take advantage of a 30-day free, no obligation trial, or contact us to request a demo.
* Report of the National Cyber Security Centre (NCSC)
** Study conducted by the LastPass password manager, 2020
*** CNIL/Médiamétrie 2018 Barometer on digital practices and personal data control
