Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy.\u00a0Learn more<\/em><\/p>\n\n\n\n From passwords to passkeys to a veritable alphabet soup of other options \u2014 second-factor authentication (2FA)\/one-time passwords (OTP), multi-factor authentication (MFA), single sign-on (SSO), silent network authentication (SNA) \u2014 when it comes to a preeminent or even preferred type of identity authentication, there is little consensus among businesses or customers.<\/p>\n\n\n\n What there is agreement on, however, is the necessity of these tools. The FIDO Alliance found that more than half of customers (53%) saw an increase in suspicious messages and online scams in 2024. This was largely driven through SMS, email and phone calls, and was only exacerbated by advancements in AI. <\/p>\n\n\n\n Even at a time when we continue to see staggering increases in fraud and related losses \u2014 the Federal Trade Commission received more than 1.1 million reports of identity theft last year alone \u2014 businesses must do their best to walk a tightrope between robust security and effortless convenience. Over-index on either and you risk alienating customers \u2014 too few hoops and you lose their trust, too many and you lose their patience.<\/p>\n\n\n\n So, how do businesses strike this fragile balance and implement effective authentication solutions?\u00a0<\/p>\n\n\n\n When it comes to authentication, what businesses decree to employees rarely translates to customers. We transitioned to WebAuthn as the only form of 2FA for employee authentication, a company-wide mandate that took a few weeks. This \u2018forced adoption\u2019 works when your employees don\u2019t have a choice, but your customers do.\u00a0<\/p>\n\n\n\n Recently, I wanted to book a hotel for my family vacation, so I went to my favorite travel site, found the perfect room at a reasonable rate, and went to finalize the transaction. One problem: I kept running into an issue with CAPTCHA on their page \u2014 once, twice. After the third attempt I left, found the same room at the same rate on their competitor\u2019s site, and booked.\u00a0<\/p>\n\n\n\n Businesses can dedicate massive budgets to top-of-funnel marketing that drive customers to their websites, products and services, but if friction in the user experience prevents conversion \u2014 authentication often as the initial touchpoint \u2014 it\u2019s wasted investment. Forty percent of businesses say one of their most pressing challenges is finding a balance between security and customer experience, particularly reducing friction during account signup.<\/p>\n\n\n\n Customer behavior is hard to modify, particularly around the adoption of new technology. It doesn\u2019t matter if biometrics or public-key cryptography are more secure, if it isn\u2019t equally seamless to use, customer adoption will lag. Why do you think so many people still rely on easy-to-guess passwords (you know who you are!). The reality is you simply can\u2019t force customer adoption \u2014 businesses that get authentication right recognize the needs and limitations of their customers, meet them where they\u2019re comfortable and understand it can\u2019t be one-size-fits-all.<\/p>\n\n\n\n In this fray over friction versus freedom, the future of authentication will be driven by continuous signals rather than arbitrary identity check points like logins or purchases. Think of authentication as a brake system, where businesses can depress or release the pedal to increase or decrease friction based on customer behaviors. <\/p>\n\n\n\n Let\u2019s say I receive a promotion for 20% off new tires from my regular auto shop. If I click on the notification, I\u2019d expect a seamless login experience \u2014 they sent me the message, I\u2019m a long-time customer and I\u2019m using their application from a known device. But let\u2019s say I travel to Kansas City for work. If I open my laptop and I\u2019m still logged into my favorite e-commerce platform, I\u2019d expect them to log me out or require proof of identity to continue the session, as I\u2019m in a completely different location based on previous purchase history.\u00a0<\/p>\n\n\n\n Think of the ecosystem of applications \u2014 shopping, email, social media, home security, streaming services \u2014 where we log in once and rarely (if ever) log out. What happens if your device is lost or stolen or your session is hijacked? Businesses must embrace a zero-trust mindset, where authentication isn\u2019t simply to show your identification at the door then you\u2019re free to roam the club, but a continuous risk-based process that scales friction based on your activity.<\/p>\n\n\n\n The wrinkle here, like so many sectors right now, is AI. Earlier in my career, I built bot detection models for a startup to distinguish human behaviors from machines. We\u2019d monitor how many clicks we\u2019d get from the IP and user agent string and if it was more than N in a second then we\u2019d assume it was a bot and block that traffic. But now, as we pass the reins to AI assistants and autonomous agents to make dinner reservations, set appointments or purchase movie tickets, how do you distinguish between a nefarious bot or one working on your behalf? This is the future of authentication and the bleeding-edge work enterprises in the industry continue to pioneer.<\/p>\n\n\n\n Despite new authentication methods in perpetual development and an ascension of regional requirements like Singapore\u2019s Singpass or the EU\u2019s Digital Identity Wallet, no single tool will ever own complete market share \u2014 some customers will always prefer the simplicity of options like OTP, while others will demand the stringency of passkeys or other modern tools.\u00a0<\/p>\n\n\n\n The onus will remain on businesses to provide a breadth of choices to meet customers where they are and <\/em>implement strategies to keep the root of each method secure from smishing\/phishing, social engineering or a plentitude of other identity-based attacks. This authentication tug-of-war between friction and freedom won\u2019t be won by those who prioritize one or the other, but those who can walk the tightrope between both to guide their customers to seamless yet secure experiences.<\/p>\n\n\n\n Anurag Dodeja is head of product, user authentication and identity at Twilio<\/em>. <\/p>\n Daily insights on business use cases with VB Daily<\/strong><\/p>\n If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.<\/p>\n \n\t\t\t\t\tThanks for subscribing. Check out more VB newsletters here.\n\t\t\t\t<\/p>\n An error occured.<\/p>\n<\/p><\/div>\n
\n<\/div>The customer is always right<\/h2>\n\n\n\n
A signal-driven future<\/h2>\n\n\n\n
Authentication: An \u2018and\u2019 <\/em>not \u2018or\u2019 <\/em>proposition<\/h2>\n\n\n\n
![\"\"\/](\"https:\/\/venturebeat.com\/wp-content\/themes\/vb-news\/brand\/img\/vb-daily-phone.png\")
\n\t\t\t\t<\/div>\n<\/p><\/div>\n<\/div>\t\t\t<\/div>\r\n