Security by Design means UX by Design
Both for personal and professional purposes, the use of digital tools and services continues to grow. This digitisation of daily uses and working methods requires to reconsider the security of identities and accesses in order to protect online assets and information.
- Mandatory complexity of passwords (length, characters used, etc.)
- Unique password for each service used
- Automatic logout of accounts/profiles, requiring regular reconnection with the above constraints
To strengthen the password-based security model, the UX has been deteriorated and the idea has been established that more security = more complexity.
Why human behaviour is the main weakness of security
With all these requirements and constraints which come with the login/password combination, it is not surprising that human behaviour is the main weakness of security measures.
Common mistakes?
Use a password that is not secure enough
The famous "123456" and "123456789" are used by 23.6 and 7.7 million people respectively. Other top 5 passwords include qwerty (3.8 million), password (3.6 million) and 111111 (3.1 million). *
Use the same password on multiple platforms / tools
91% of users say they know that using the same password on several sites presents a risk, but 66% of them admit to reusing an existing password to register on a new platform - up 8% compared to the previous study. **
Keeping your password on a post-it or in a text file
3 out of 10 users centralize their passwords on paper. ***
Communicate your password
It is not uncommon to see passwords being sent to a colleague or a relative by e-mail or other means.
Never renew your password
80% of respondents are concerned that their password may be compromised, but 48% never change it if the service they are using does not require it. ***
Do not change your password after being hacked
Only about one-third of users usually change their password after being notified of a data breach. ****
The password security model, which was intended to be more secure, has, in fact, been made more vulnerable by the increasing number of constraints.
It's by no means a foregone conclusion.
To counteract this trend, the user experience as such must be integrated into the design of the security solution itself.
Combining security and a seamless connection experience
Let's take a closer look at what solutions on the market offer in terms of connection experience. You'll be surprised to find that you probably don't use the easiest, fastest, or even the most secure solution unless you're a customer of a good strong authentication solution.
| Features | Login/password | Login/password + OTP SMS | inWebo Technology |
| Security | ☆ ☆ ☆ ☆ ☆ | ★ ☆ ☆ ☆ ☆ | ★ ★ ★ ★ ★ |
| Offline mode (connect without mobile network) |
✔ |
✗ |
✔ |
| Fast connection experience (if you remember your password) | ★ ★ ☆ ☆ ☆ | ★ ☆ ☆ ☆ ☆ | ★ ★ ★ ★ ★ |
| Replace complex password with a PIN code |
✗ |
✗ |
✔ |
| Use the same password (or PIN) on multiple sites |
✗ |
✗ |
✔ |
| Connect via a trusted browser (Browser Token) |
✗ |
✗ |
✔ |
| Connection without smartphone |
✔ |
✗ |
✔ |
| Automatic entry of the OTP (no manual entry necessary) | – |
✗ |
✔ |
Security should not be synonymous with complexity! That's why inWebo provides a smoother user experience while guaranteeing a much higher level of security than any other solution.
User experience beyond connection
A security approach that encompasses the user experience must integrate all dimensions of the UX and not just the connection experience.
Enrollment
In order to make the enrolment simple and fast, inWebo relies on software tokens, which can be deployed in only 3 clicks to tens of thousands of users. With tokens available on computers, tablets, smartphones and browsers (exclusive!), you don't even have to worry about the equipment of your users. ➜ 99% customer satisfaction and loyalty
Selfcare
Users can self-manage their trusted devices, restore their authentication method or enroll themselves on other devices. ➜ Fewer help desk calls and lower maintenance costs
Mobility, remote work, BYOD
By working on universal tokens, compatible with all types of digital equipment, inWebo allows you to secure all the resources needed to implement any new modern work organization. ➜ Time saving and productivity
Integration and deployment
With hundreds of integrations ready to use, compatibility with all protocols on the market and our API/SDK, inWebo offers all the necessary tools for developers to integrate the solution easily and rapidly, without any modification of their existing technical architecture.
When user experience is part of security
Security by Design = UX by Design
As part of a reliable security policy, you need to protect your users' identities and access without compromising their experience. inWebo Strong Authentication offers the highest security on the market with an approach to the user experience extended to all dimensions of authentication:
- user login
- enrollment
- reset
- admin portal
- integrations
Take advantage of a 30-day free, no obligation trial, or contact us to request a demo.
** Study conducted by the LastPass password manager, 2020
*** CNIL/Médiamétrie 2018 Barometer on digital practices and personal data control
Our latest news
Understanding the differences between Authentication and Authorization
The terms "authentication" and "authorization" are fundamental concepts in IAM and CIAM. They form the framework of cybersecurity. Their proximity in meaning and pronunciation...
What is PBAC, and how is it any different from ABAC?
With the rapid evolution of technology, there is a massive migration of industries and large organizations to the cloud. Almost all resources, data and other entities...
No, not all MFA solutions are vulnerable to prompt bombing
Have you ever heard of MFA prompt bombing? It's the topic of the moment in the cybersecurity field. This technique was recently used against Uber by the famous group of...