Should We Trust Social Media Giants with Password Management?
Like it or not, password hacking crimes have become a part of our business world. You may have heard about several incidents throughout recently, and you may have even been affected. We’ll never be rid of cyber hackers completely; there are plenty out there scheming for new ways to attack your digital footprint.
In the consumer world, we’ve grown accustomed to receiving one-time codes on our smartphones to authenticate a login from a different device (a.k.a. multifactor authentication). Every time a multinational institution gets hacked, some of our clients re-educate themselves on password best practices. As end-consumers, we’re reminded to use a mix of capitals, numbers and special characters; never reuse a password on another site; and make them lengthy because longer passwords are harder to break. While some people may be able to use and remember a different complex password for every digital application they have, I doubt the majority of users have this gift!
Many end-consumers are dutifully heeding this advice, using only up to three different passwords for their entire digital footprint. Companies, thus, face a tricky balance between creating a customer-friendly experience and protecting their individual’s identity. Even though these password measures make a lot of sense, you can understand end users’ frustration with their inconvenience.
There’s another approach to this problem though. Something that could help cross the chasm of customer experience and security: social login, the mechanism for registering with or signing onto a site using the credentials of another site—usually a large social network such as Facebook or Twitter. Some companies already allow their users to sign onto their sites this way, but it is far from standard practice to offer this option, perhaps because it is seen merely as a nice luxury. This view of social login as a bonus amenity is folly. Here are three reasons brands should encourage their users to access their sites via social login.
Ease of use that can’t be ignored
From a customer-service standpoint, social login is a no-brainer. Customers only have to remember a few passwords at most, not dozens. No more clicking on “Forgot your password?” links and recreating another code that’s just as likely to be forgotten as the first. Customers appreciate it when brands minimize barriers to site entry—social login almost always increases registration rates, sometimes by up to 50 percent.
Tap into deep cybersecurity forces—for free
The security benefits are even more significant. For starters, social login removes the risk of customers spreading the same password across many sites where credential thieves are waiting—most people rely on the same passcode across multiple entities and, therefore, security is as good as your weakest website security team. Well, how about relying on the most sophisticated security team on the web, who has experience protecting 2 billion users’ credentials? If you could have the Facebook security team escorting you to all your digital properties, it’s like having your own personal digital body guard.
Social login brings a deep expert cybersecurity force. Think about it, by turning over password protection to Facebook (2 billion users), Google (2 billion users) and the like, you’re challenging would-be e-thieves to bypass an armada of security personnel with deep expertise and the best technology at their disposal. Passwords still have inherent vulnerabilities, and end users should still apply all of the measures for stronger passwords with their social login. However, hundreds of security engineers employed by these web giants are watching the door, so to speak, to your account. Whether you’re a startup, mom-and-pop shop, small business, or midsize enterprise, you probably can’t match this kind of manpower, technical chops or security knowhow.
It’s not that these Internet behemoths are bad-actor-proof. However, it’s their ability to detect suspect behavior and respond swiftly before any serious damage can be done that separates them from most of the rest of the business world. They have more behavioral data than most to determine anomalies. Although your company probably isn’t as frequent a target of online vandals as Facebook or Google are, chances are that the rare time you are attacked, not only will you have less sophisticated guards against those attacks, but when hacked lots of time will pass before you have identified a breach. If you don’t know right away that you have been hacked, you (and your customers) can’t take action until it’s too late. Conversely, Facebook quickly uncovers malfeasance and takes action, and your customers will have little no impact as access to your site is quickly resecured.
Security is only going to get more challenging. Therefore, companies should leverage social networks’ ample resources where they can.
Access to valuable user data
Some might point out that biometrics may solve this password problem in the coming years. While it’s true that eye scanners, voice recognition and fingerprint authentication are already in place on the latest devices, they don’t yet enable highly personalized marketing the way social login does today. Through social login, brands get a view into user preferences, interests, activities and overall online behaviors across all social networks, giving them a richer customer profile with which they can better tailor marketing and communication.
Maybe device manufacturers can figure out how to embed this personal behavioral data into biometric authentication somehow. In the meantime, brands should not look at biometrics and social login as an either/or choice. Social login, multifactor authentication, one-time code generation and other current safety measures will still play an important role in protecting the customer even as biometrics technology advances in the coming years. When it comes to account access security, brands should use every tool at their disposal.
