Balancing User Experience and Security

Between long hours at work and time spent on devices outside of work hours, digital interactions have become a dominant and permeating force in the lives of people all over the world. In 2020 and 2021, the global COVD-19 pandemic rewired consumers to be digital-first.

Because of this, organizations and businesses have become hyper-focused on boosting user experience (UX) to ensure that customers and employees can easily engage with all their digital properties, helping to support and drive business growth. Unfortunately, this also means that bad actors are also on the rise, and online threats are more prevalent than ever.

A great UX is critical in this digital-first world but begs the question: is it possible to balance UX and security in a way that creates a smooth experience for the user and a secure environment for your organization? In this article, we will look at how identity security can balance UX and security throughout the user journey.

The best thing an organization can do to boost UX is to eliminate friction in how users (both customers and employees) interact with digital properties. Anything that causes a complication, delay, extra step, or any frustration on the part of the user constitutes friction. A few examples of friction include:

Because of the prevalence of security threats, many businesses are responding by putting up security checks throughout user journeys. These measures can provide critical security against costly threats and may help users feel more trust. However, they also create friction in the UX, which may undermine your business objectives.

Historically, the concepts of UX and security have been seen as competing forces within the digital experience — enhancing the one will negatively impact the other. 

Take passwords for example. If you’re hyperfocused on UX, you may allow users to choose passwords that are easy to remember, with few characters and no requirement to change their password at set intervals. You could argue that this practice provides a better UX. However, doing things this way presents a big (and unnecessary) security risk.

On the other hand, if you make security your top priority, you might require long, complex passwords that are much stronger. The drawback to this, of course, is that users may forget their passwords or become so frustrated with the process that they abandon a transaction.

To balance UX and security, you need to eliminate the tension that exists between a pleasant UX and strong security for your organization. Identity, security can help you achieve this balance (more on that later).

As businesses have continued to ramp up digital channels and platforms to meet demand, bad actors have been working just as hard to develop new tools and methods to threaten security. The following statistics help tell the story:

• Bad bots are becoming more frequent, complex, and intense. In fact, 27.7% of all web traffic is due to bad bots

   

• Almost a quarter of US households have been victims of account takeover, at an average financial loss of $12,000.

   

• As of July, 2021, there were 15 billion stolen passwords for sale on the dark web.

Although users expect a seamless online experience, they also expect those interactions to be safe and secure. While many data breaches can be credited to the poor password habits of users that led to easy compromise, all users remember is the breach and where it occurred.

For the average person and the businesses they interact with online, the potential impact of a data breach is high, especially considering the financial consequences in fines and remediation costs. What is more difficult to measure is the financial implications associated with the impact of a breach on brand reputation after customers lose trust.

As digital interactions continue to rise, the ways users expect to interact with businesses online will continue to evolve. Perhaps due to the sheer volume and frequency of those interactions, today’s users tend to evaluate their digital experiences based on the principle of “last best one,” rather than comparing businesses in the same industry.

For example, a user may compare their experience with online banking to their experience with buying shoes online. Even though those are bound to be two very different experiences, users simply expect every experience to be as easy as the best one they remember. If it isn’t, they may be reluctant to come back — especially when they have so many other choices.

No matter the industry, customers have three main expectations for the brands they interact with: convenience, security, and privacy. Based on those criteria, they will choose not only their favorites, but which ones to avoid.

Consider the following statistics:

• 24% of customers abandoned transactions during checkout due to the requirement to create an account [https://baymard.com/blog/checkout-flow-average-form-fields].

   

• 56% of online customers have abandoned an online service when logging in was too frustrating (2021 Consumer Survey, Ping Identity).

While friction causes would-be customers to give up on you and go elsewhere, providing a great UX is key to keeping users engaged with your brand. 

However, this phenomenon applies to much more than the consumer experience. The usability of your internal systems determines how quickly and easily employees can access the tools they need to do their jobs, which can massively impact productivity.

Knowing who your users are without interrupting them with security roadblocks to verify their identity is critical to providing a UX that keeps them coming back. Identity security allows businesses to bring UX and security together, ensuring every digital touchpoint in the user journey is both seamless and secure by:

• Ensuring the identity of every user

• Allowing users to access only the data, apps, and services they are authorized to see

• Meeting both of these objectives without causing user frustration

Most security measures will inherently add friction, making it difficult to find the right balance between security and UX. This is where identity security comes in. It can help you achieve that balance without compromising one or the other.

Identity security helps you eliminate the tension between the seemingly opposing forces of UX and security, enabling them to work in tandem so that every digital touchpoint is both convenient and secure. A comprehensive identity security solution gives you the best of both worlds, along with more efficient digital delivery. Here’s how.

Building Delightful Experiences

With security measures that rely on identity security to assess risk signals in real time to make intelligent authentication decisions over always relying on frustrating security checks like passwords, your business can dissolve friction in the customer journey. This approach allows organizations to reduce friction and appropriately adapt the UX in response the level of risk a user poses and whether they

• Should be asked to provide a password

• Should be prompted for multi-factor authentication (MFA)

• Should be denied access

This creates a comprehensive yet unobtrusive layer of security that helps customers do what they intend to do without unnecessarily getting in their way.

Identity security isn’t only for streamlining authentication; it can simplify customer interactions across the digital journey by

• Only asking for the right amount of information during the first interaction, leveraging progressive profiling to avoid asking for too much information too soon

   

• Enabling self-service to make it convenient for users to reset their accounts, change passwords, or update information themselves

   

• Removing redundant authentication checks when customers contact support

All of these factors result in less friction in the UX, making it convenient for users to keep engaging with your digital platforms.

Preventing and Mitigating Threats

With identity security, you’ll know who your users are and what they should have access to, ensuring the protection of both the business and its customers.

Identity security is key to preventing data breaches, detecting and mitigating fraud, and protecting user data. There is constant pressure on the teams responsible for securing digital interactions and ensuring compliance. They must be able adapt to new threat technologies rapidly, and identity security can help increase their agility to meet those demands.

Identity security can help you evaluate signals from a wide variety of identity services, detecting user behavior anomalies to identify bad actors from the moment they arrive on your website. With identity security, you can also keep bots and fraudsters out while rolling out the red carpet for genuine customers with a pleasant experience.

Accelerating Digital Delivery

If you want to boost the agility of your teams, identity security can help them efficiently optimize both UX and security.

A comprehensive identity security solution eliminates the need for hand-coded integration between identity services. Using no-code integration, your team can orchestrate components from multiple vendors into one cohesive, seamless workflow with enhanced security.

Building security into your customer journey using identity can reinforce a great UX rather than pulling against it. A convergent approach to identity security (such as PingOne Cloud Platform) integrates identity proofing, access management, and fraud detection across all your digital properties in a single, cohesive solution that helps you delight your customers and achieve business goals.