Skip to main content

Back to Blog

Strong Authentication vs. User Experience

Balancing Made Easier

All enterprises balance their need for strong authentication security against a frictionless user login process. Most fraud and account takeover security products focus on system integrity without much regard for user experience.

Companies that position their security measures solely as enterprise protection can foster frustrating user experiences. And some strong authentication methods that can dissuade users:

  • 2Factor Authentication (2FA) and Multi-factor Authentication (MFA). These systems create frustration when customers are greeted with authentication codes and other methods to confirm account access. They have multiple points of failure which lead to higher user abandonment rates. 
  • Adaptive Authentication. These systems cross-reference IP address, geolocation, device reputation and other behaviors to assign a risk score to an inbound login session and step-up authentication factors accordingly. To increase effectiveness, they tend to be tuned aggressively, adding additional authentication factors in relatively benign cases.  In many instances, this increases customer frustration and abandonment.
  • Biometric Authentication. These systems use biometric data from users to confirm identity during future log-ins. Widespread use of these systems is impractical because not all current technologies and devices have biometric capabilities.  While biometrics can improve user experience when available, they do little to strengthen security since they must rely on a fallback to password-based authentication when the biometric fails or is unavailable. 

71% of the respondents to an Akamai/Ponemon Institute survey said that preventing credential stuffing attacks is difficult because fixes that prevent such action might diminish the web experience for legitimate users. 

Credential screening is different.

While emphasizing user experience, compromised credential screening also adds a strong security layer to the authentication process by:

  • Seamlessly screening usernames and passwords to identify compromised credentials at the point of user login.
  • Encouraging users to select better passwords when they reset their password.
  • Alerting users to their exposed credentials with immediate notice.
  • Providing a definitive risk result: entered credentials are either compromised or not.
  • Supporting a flexible, site-defined response when compromised credentials are detected.

How it works.

Enzoic built its credential screening products with the understanding that consumers use the same login credentials across multiple sites. When a user logs in, Enzoic compares their credentials against a continuously updated database of compromised credentials. This process is behind-the-scenes and adds negligible latency to the login process. 

If the user’s credentials have been compromised, a range of responses can be taken: companies may force an immediate password reset, clear credit cards on the account, require an additional auth factor, or log for additional analysis. This protects the user’s account and maintains enterprise security against credential stuffing and account takeover attacks launched by cybercriminals.

It is a simple fact that strong authentication will impact user experience and effectiveness.

With Enzoic, your organization can now manage how significant that impact is.