How passwords can jeopardize revenue and security ...
CRM and CX Blogs by SAP
What do “123456”, “password” and “iloveyou” have in common? They are among the most used, most predictable, and ultimately most hacked passwords worldwide – and a real threat for users and businesses alike. Weak, stolen or reused passwords cause 81 percent of data breaches. Those leaks are not just a vulnerability to businesses but also threaten security and revenues. And still: In order to access the full online experience on a vast majority of websites and online services, users are required to create an account – which is cumbersome and requires yet another password to manage. Many users already jump off at this point.
SAP Customer Data Cloud data shows that only a fraction of site visitors end up registering online, and on average 17 percent of users need to reset their password on almost every subsequent visit. This not only has a negative impact on the customer relationship but also puts pressure on customer service: According to a Forrester Report, 25 to 40 percent of all help desk calls are due to password problems or resets. Contacting customer service means additional effort for the customer – an extra mile not everyone is willing to go. In fact, 28 percent of US users responded in a recent study that they abandoned their online shopping cart during checkout because they had to create an account to complete their purchase.
Transforming identity management
How can businesses provide a frictionless user experience on their websites, online shops and apps, whilst saving costs and improving security? SAP’s employee-led venture OwnID by SAP aims to transform identity management with decentralized, portable identities. Just like a key unlocks our home, a user’s phone becomes a digital key to unlock websites and apps we visit every day. Founded in 2019 by Rooly Eliezerov and myself and selected to receive funding in the SAP.iO Venture Studio, OwnID’s vision is to change the mechanism of online logins and lead the next step of digital identity ownership.
How OwnID works
Websites and apps can add OwnID’s “Skip the Password” capabilities to offer users a multi-factor authentication login option with their phones instead of choosing another password. “People forget passwords, but rarely forget their phones”, explains Rooly Eliezerov, President of OwnID. “When users log in to a website with OwnID, passwords are no longer necessary”.
Instead, identities are encrypted on the user’s phone. The phone’s biometric lock mechanism, such as FaceID, TouchID or fingerprint, coupled with FIDO2/WebAuthn, is used as a second authentication factor to validate the user and protect their identity right at login. FIDO stands for “Fast IDentity Online” and is an authentication standard that enables simplified login to devices and web services – without having to sacrifice a high level of security. OwnID and third parties do not have access to any data. Websites that already use SAP Customer Data Cloud (formerly Gigya) can enable OwnID with one click. Others can implement OwnID using a step-by-step guide without writing a line of code.
Putting users in control of their data
While one single entry into the digital world is convenient, security and privacy concerns slow down wide-spread adoption. With the rise of the digital economy, retailers, authorities, or banks have turned into identity management organizations, responsible for storing and protecting large amounts of sensitive personal data like social security numbers. Unfortunately, as massive data breaches like the one at Equifax in 2017, which exposed the personal information of 147 million people, have shown, not all of them were equipped for this new role.
Decentralized identity puts the power and responsibility back in the hands of the individual, enabling them to control and protect their own personal data. With solutions such as OwnID, lock up takes place in decentralized ledgers which are not controlled by any organization or central institution, and cannot be tampered with. Remote hackers might gain access to pieces of personal information, but proving an actual identity and logging in to a website would require the physical device of that person. But when a user’s identity is encrypted and stored on their phone, what happens when it is lost or stolen? With OwnID, users provide their email address once they have a new phone and receive a “magic link” via email. This link allows them to log in directly when clicking on it – similar to a one-time-use code. The thief won’t be able to use the phone to log in to a website since a user’s identity is protected by the phone’s unique lock mechanism.
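The "magic link" recovery step above only behaves like a one-time-use code if the server enforces it. The following is an added example, not OwnID's code, of the properties a recovery link needs: an unguessable token, a stored hash instead of the token itself, an expiry, and invalidation on first use. The class name, the `shop.example` URL and the 10-minute lifetime are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed lifetime; the page does not state one


class MagicLinkStore:
    """In-memory store of pending recovery links (hypothetical name)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (email, expires_at)

    def issue(self, email):
        """Create a recovery link for this address and remember its hash."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the hash is stored, so a leaked table holds no usable links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[digest] = (email.lower(), expires_at)
        return "https://shop.example/recover?token=" + token  # constructed URL

    def redeem(self, token):
        """Return the address the link was issued for, or None if invalid."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop: the link works once
        if entry is None:
            return None  # unknown, forged or already used
        email, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired links are rejected and stay deleted
        return email


def demo():
    """Run first use, replay and expiry against a constructed clock."""
    now = [1_000_000.0]  # constructed timestamp, advanced by hand
    store = MagicLinkStore(clock=lambda: now[0])
    token = store.issue("Alice@example.com").split("token=", 1)[1]
    first = store.redeem(token)   # first click succeeds
    replay = store.redeem(token)  # second click on the same link fails
    late = store.issue("alice@example.com").split("token=", 1)[1]
    now[0] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem(late)  # clicked after the lifetime has passed
    return first, replay, expired
```
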
First step towards self-sovereign identity
Decentralized solutions like OwnID pave the way towards a self-sovereign identity (SSI). Based on blockchain technology, SSI provides clear transaction documentation and allows the validity of credentials to be checked at any time. The decentralized structure of blockchain and the open-source design of all software components underline availability and independence. The user gets a seamless, password-less user experience and has full power and authority over their digital identity, personal credentials, and data without any centralized components.
For enterprises, there is an equally heavyweight opportunity to take identity management to the next, future-proofed level. SSI offers significant advantages over traditional identity management. This includes immediate access to SSI-enabled applications, unprecedented flexibility since credentials can be created, assigned, and revoked as needed to anyone regardless of organizational affiliation, security, as well as true privacy by design.
While it will take a couple of years for SSI to mature and gain wider adoption, we believe now is the time to get involved and contribute to shaping the technology. The future of hyper-personalized user experiences with minimal disclosure of personal data and a fully owned digital identity starts with solutions like OwnID.
To learn more about OwnID, visit the new developer’s guide and documentation portal https://www.ownid.com