No one cares! That’s not true, but essentially no one cares. Bringing up user security in an organization is like walking into a sports bar and talking about statistics. It matters, probably far more than the basic arguments being made in the bar, but does anyone in that bar really want to hear about stats? No. There are, however, large analytics departments in sports just as there are large security departments in companies.
A fully passwordless internet is a foregone conclusion. CTOs, CIOs, developers, and, most importantly, consumers are all aligned in wanting to phase out the clunky password-based authentication paradigm we have today to improve both security and user experience. What’s less clear is what the passwordless future will look like and how we’ll get there. Balancing security against ease of use, while accounting for learning curves, edge cases, and imperfect human behavior, requires a thoughtful approach to implementing innovative login mechanisms. QR login, leveraging biometrics-enabled smartphone apps with a password fallback, is the smoothest and most secure bridge for transitioning users to a fully passwordless experience.
Last week I tried to make a wire transfer. Simple enough, should have taken me two minutes. Needless to say, it didn’t. First, I pulled out my phone and logged into my banking app. It was easy – I entered my username and password once a few years ago and now I log in by leveraging Face ID. It takes <1 second. I love it. Unfortunately, my bank’s mobile app doesn’t have great wire transfer functionality so I grabbed my computer to log in on desktop.