Richard Marr
Aug 17, 2020

Brands, is it time to ditch passwords?

As brands digitise they must balance security with a frictionless customer experience, and there are better ways to do it than passwords, says the APAC leader of a user identity technology firm.

Brands, is it time to ditch passwords?

This year has seen an almighty jolt for digitisation as brands are faced with the real prospect of shaping up or shipping out. With this increased shift to online, the front-of-house touch point for many brands is no longer a young Singaporean behind a counter, or a clean-cut teller discussing finances. Instead, a mobile or desktop user interface, and more specifically, the login screen, is now often a customer’s first interaction with a brand.

For decades this experience has evolved around the tried and true method of username and password, but to the detriment of two core aspects: customer experience and cybersecurity.

So often I hear stories of these two opposing forces stepping on each other’s head to gain ascendancy, and C-suites feeling the only way forward with one, is to sacrifice the other. A true dichotomy. But these two pillars shouldn’t be considered yin and yang.

Both were at the top of the list before Covid-19, but now that everyone is at home and online, the need for these two to marry has only exacerbated. Customer retention and acquisition relies on it.

Customer experience

With the level of competition in the current market it’s simply not enough to have ‘good’ customer experience. Consumers can switch to another brand as easily as scrolling another centimetre on Google.

Think of the process involved when your customer has forgotten their username and password—not uncommon. They need to move through a multistep recovery system with several click-through stages, potential time delays and sometimes even a phone call where they are required to recall their first pet’s name. During this time, it’s very feasible they think, ‘maybe I will scroll that extra centimetre’.

Take an example of an energy company. Energy company users often only log-in to check or pay their bills, that’s it. The chances of them remembering an 8-12 letter password with a capital letter, a number and a special symbol they haven’t used in a few months is low. Cue many having to go through the ‘forgotten details’ rigmarole each time they try to pay a bill—perhaps not the great customer experience that the company was aiming for. Secure, yes, but not so user-friendly. And we’re back at our dichotomy.


More traffic online means more risk of cyber fraud, it’s as simple as that. More consumers are at risk and in tandem, as we shift to digital, have likely increased their volume of online accounts. Add in the fact that consumers are often using the same password and email username combination, and it results in even further vulnerability. If one account can be hacked, they all can.

What is even more concerning is the lack of multi-factor authentication being used. The VMWare Carbon Black Global Threat Report 2020 found nearly one third of Singaporean respondents (32%) recounted the inability to institute multi-factor authentication as the biggest threat to their company.

Not only is there increased traffic but there is a good chunk of consumers coming online for the first time or with little digital experience. Think of your grandparents using more online tools and services to stay connected socially and to conduct their day-to-day business. This isn’t by choice but by necessity, adding a vulnerable new group into the mix.

Stepping away from passwords

While the login functionality is only one cog in the wheel of the digital experience, it’s unavoidable, has a huge impact on CX and cybersecurity and takes a lot of investment to get it right.

Using social media logins is one way to avoid your customers’ needing to remember another email/password combo, in turn making your service easier and more appealing. A big plus is these social providers have some of the most world’s most sophisticated security teams working in your court, with all eyes on them from a compliance perspective.

Unique SMS or email codes, also known as One Time Passwords (OTPs) is another way to eliminate the need for recall. OTPs are quick and highly effective for low-frequency yet important accounts. This is exactly the solution the aforementioned energy company could implement, creating a much better experience and heightening security at the same time.

Biometrics such as fingerprint scanning and facial recognition, which many will be familiar with via their smartphones, are also on the rise and offer a frictionless and secure experience for the end-user.

One thing that these solutions have in common? All address customer experience and security in tandem.

When it works well, no one will ring you and say, ‘hey, that was a great authentication experience’. But when it doesn’t, customers will be quick to raise an issue or worse, switch to a competitor.

Is this the end of the age of passwords? Not quite yet. There are still plenty of examples where username/password is a strong authentication solution, but Covid-19 as the catalyst for digitisation has put the writing on the wall. Brands need to meet the consumers where they are and not the other way around.

Richard Marr is the Sydney-based APAC regional director of user identity technology platform Auth0

Related Articles

Just Published

5 hours ago

TBWA CEO redefines objectives for a new era

Troy Ruhanen outlines key roles for Asia, design, and consulting as clients face economic challenges.

6 hours ago

Move and win roundup: Week of December 5, 2022

Ogilvy PR, Enigma, Viddsee, Bastion and more to come in Campaign Asia-Pacific’s weekly round-up of account wins and people hires.

22 hours ago

Avian WE Group CEO Nitin Mantri inducted into ICCO ...

Mantri was the first ICCO president from Asia.