When customers forget their passwords, business suffers

June 20, 2017 by Tim Johnson, Mcclatchy Washington Bureau

A lot of money goes unspent in the online world for a simple reason: Shoppers can't remember their passwords.

The average person is registered to 90 online accounts requiring , and the number keeps growing. Few people remember so many passwords.

"About a third of online purchases are abandoned at checkout because consumers cannot remember their passwords," a study conducted jointly by MasterCard and the University of Oxford says this week.

Experts in electronic commerce say major online vendors stand to lose a lot of shoppers if they don't take corrective action.

"For most sites, it would be a multimillion-dollar loss, if not higher," said Christian Holst, a co-founder of Baymard Institute, an independent research entity in Frederiksberg, Denmark that conducts large-scale tests on usability of e-commerce sites.

Passwords are only part of the problem, but a major one. Consumers just can't remember them all, and most online vendors, banks, airlines and others require them. So 51 percent of people use similar passwords over and over, the study found.

"They are variations of passwords they've used for many years. They keep changing the number (at the end) of the password from 1 to 2 to 3 to 4, or move through different special characters," said Ryan Wilk, vice president of customer success at NuData Security, a Vancouver firm that helps companies identify online users based on passive biometrics and behavioral analytics.

"Quite often, people will use the same variation of a similar password across the board and will modify that password's strength based on the requirements of a site," Wilk said.

"Twenty-one percent of users forget passwords after 2 weeks, and 25 percent forget one password at least once a day," the study found.

When online shoppers get into the digital checkout funnel of an e-commerce site but then give up because of a roadblock, it is called "cart abandonment."

It doesn't take much for users to walk away from their e-shopping carts. Online sites routinely have different requirements for passwords. Some demand that they be a certain length. Others require alphanumeric combinations. Still others ask for a symbol to be included.

It is all in the name of security. Online businesses don't want to deal with fraudsters. And consumers don't want their stolen from businesses by hackers.

So users come up with coping strategies. Some shoppers simply hit password reset. But that can bring other problems.

"Some users will start to get impatient after just one or two minutes," Holst said. "Users are extremely impatient online."

At some sites, those who reset passwords must wait to receive an email, and sometimes they have to reply to another confirmation email.

"What we're asking them to do is to stare at the screen for several minutes. One or two minutes will feel like five minutes," he said.

Baymard says it sees an 18.75 percent abandonment rate due to reset email issues.

Potential customers, even after committing to buy something online, are in what e-commerce developer Nirav Sheth calls "a fragile state."

"Any little excuse can cause them to abandon. They are questioning: Do I really want this? Do I really need this?" said Sheth, owner of Anatta Design, an e-commerce design and development agency in Los Angeles.

Outlets that streamline the checkout process, and offer forgetful users a "guest checkout" option if they've forgotten their passwords tend to succeed more, he said.

They focus on having a customer "think less and do less" and are "constantly showing them success messages, things like 'Hey, you did it right!' It's almost like treating them a little bit like a baby, guiding them," Sheth said.

Other issues that can cause shoppers to jump out of the checkout line, experts say, is lack of information about shipping costs and failure to streamline the "clicks" needed to finish a purchase.

"Amazon is famous for their one click, where they can recognize that it is you. You're able to transact with all your stored information. They know all the history of what you've looked at," Wilk said.

But if you're a new customer, it's a different story.

"You're almost in Amazon's learning phase. They're learning who you are. They are learning if they trust you. It's almost that you have to teach Amazon for a while when you're a new customer or a non-repeat customer," Wilk said.

Some websites, particularly those of financial institutions, are leaning more on passive authentication of users, taking sensor data from smartphones or desktop computers of those visiting their websites. But are also experimenting.

"We're seeing a lot of adoption right now," Wilk said.

Smartphones have as many as 10 different sensors in them measuring motion, location, angle of the phone, pressure on the screen, ambient light and other attributes. Some websites can extract that data, at least partially, to help identify and profile a user.

"They can look at many different data points within the device, everything that the device is making publicly available, so things like pressure on the screen when you're typing, how you swipe, and different angles of how you hold your phone. Do you appear to be right-handed or left-handed?" Wilk said.

Such passive biometric data, when compiled by analytic software, can help retailers, bankers and other institutions be assured of the identity of their customers.

"It doesn't exactly say it is you. But if you see that the person who's trying to authenticate is right-handed, and all of a sudden you see the device in a left-handed configuration, you can very easily see that it's a different human interacting," Wilk said.

Explore further: Hackers break into centralized password manager OneLogin

4 shares

Related Stories

Amazon orders reset for some customers' passwords

November 25, 2015

Amazon.com has required an undisclosed number of customers to reset passwords to their online accounts after the company said some passwords "may have been improperly stored" on devices.

Dropbox says 68 million user IDs stolen

September 1, 2016

Cloud-based data storage company Dropbox said Thursday that user IDs and passwords of some 68 million clients were stolen four years ago and recently leaked onto the internet.

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

6 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

24volts
not rated yet Jun 20, 2017
I do a lot of online shopping simply because I cannot get much of the stuff I buy locally. I really don't like companies that force you to 'join' so to speak before you can buy anything or even look to see what they have a lot of times. If I want to get ads from them I will join their mailing list. I don't want to be put on a list just because I wanted to see what they carry to sell. Nor do I want a company to keep my card info on file.
Da Schneib
not rated yet Jun 21, 2017
We're gonna wind up with fingerprints, and we're gonna wind up with fraudsters. Both are inevitable.
Eikka
not rated yet Jun 21, 2017
It is all in the name of security.


It isn't. It's all about customer profiling, and being able to email you spam.

antialias_physorg
not rated yet Jun 21, 2017
"Some users will start to get impatient after just one or two minutes," Holst said. "Users are extremely impatient online."

Well, go to any regular store and see how many customers will put up with a full minute of the guy behind the counter staring blankly at them. Giving an online site a minute to process is already *extremely* generous.
Eikka
not rated yet Jun 22, 2017
Well, go to any regular store and see how many customers will put up with a full minute of the guy behind the counter staring blankly at them. Giving an online site a minute to process is already *extremely* generous.


They're not staring blankly at you, they're processing your items by pulling them through the scanner, and it often takes a minute, on top of the minutes you spend in line just waiting your turn. The difference is, there's an actual physical reason for the wait, whereas with online stores you don't have any feedback so you don't know what's happening and where the holdup is.

It's kinda like the keyboard vs. mouse effect, where the mouse as an input device seems less efficient because you are actually doing less to achieve the same end, whereas the keyboard creates the illusion of greater accomplishment for the effort involved in typing long complicated commands. Hence, people don't actually notice they're being slowed down.
antialias_physorg
not rated yet Jun 22, 2017
Nobody needs to pull anything through a scanner online. Some companies understand that customers don't want glitz - they want service. Why do you think the Google homepage is so bare-bones? Because they can't do HTML? Remember Yahoo? Yep: no one does.

Small story: A company I worked for updated their website. Sent it around to the employees for feedback. Most liked it (Spiffy, with lots of graphics - megabytes and megabytes of it). Of course it loaded up super-fast on the in-house network. But they had never tried it from outside on a slow connection. No, they didn't take heed when some of us programmers pointed this out. Guess what: The number of aborted loads went through the roof.
Those are customers that won't ever come back - not even if you fix the problem. Some companies just have to learn the hard way.

Customer first. PR, second.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.