Massive online purchase loss because people can't remember passwords

Thursday is World Password Day. So it's time to mourn all those purchases abandoned because of poor password management. The number seems very large.
Written by Chris Matyszczyk, Contributing Writer on
close up programmer man hand typing on keyboard laptop for register data system or access password with virtual interface of cyber security at dark operation room , concept

Wait, was it "Idiots39" or "39idiots"?

Getty Images/iStockphoto

I'd completely forgotten.

Actually, I'm not sure I'd ever remembered -- or even known -- that the first Thursday of May is World Password Day.

I'm grateful, therefore, to America's PR professionals for pestering me into awareness.

After all, online security is a booming concern. So sifting through the reams of dry information, I came upon a tidbit that was at least stimulating.

Security company iProov -- slogan: Simply Smarter Security (really) -- commissioned a survey of 1,007 American adults to ask about all sorts of things.

The question that moved me was: Have you ever abandoned an online purchase or online booking because you had forgotten your password and retrieving it took too long?

43.8 percent of Americans admitted they had.

I already hear you scoffing. How is it possible that anyone could be so password-incompetent? Yet real people tend to be emotional and impulsive. They desperately need something and are forced by venal retailers into opening an account that demands a password. They create one very quickly.

They don't keep a record of it, so the next time they go to that site the rigmarole begins all over again. It's very annoying. And annoyance can interfere with the purchasing experience.

Yes, but surely this doesn't happen that often. Well, the iProov survey suggests that 10 percent of these password-frustrated purchase-abandonders do it at least once a week.

Somehow, they can't get out of the spiral of password madness, yet continue in their twisted ways.

If that's the case, there are a lot of potential transactions being lost because of imperfection authentication. IProov estimates that forgotten passwords cause 16 online transactions per person per year to be aborted. Which seems like an enormous number of transactions.

Naturally, these security companies believe they have the answers. Because that's why they want you to remember World Password Day.

iProov's CEO and founder Andrew Bud, for example, told me: "Everyone knows that passwords are not secure. But the solution that is being applied to weak password security is to make passwords more complicated. Perhaps that's why half of Americans have abandoned online purchases in the past year and businesses have lost millions of dollars. We just can't remember our passwords."

He sounds truly frustrated, doesn't he?

iProov's solution is, of course, abandoning the password thing altogether and creating biometric authentication instead. Said Bud: "It remembers you even when you haven't visited a site for months, providing exceptional usability and outstanding security to remove the frustration with passwords and make everyone's lives better."

Oh, I don't know about better. It's the outstanding security part that may make one or two people feel insecure. Have we ever had that?

Then again, the Covid-19 pandemic is encouraging people to abandon their qualms about security. But when it's over, I wonder whether privacy might make yet another comeback.

Bud wasn't the only one ululating about password chaos to honor this fine holiday.

Here's a company called Centrify. It claims it's "redefining the legacy approach to Privileged Access Management by delivering multi-cloud-architected Identity-Centric PAM to enable digital transformation at scale." That's a relief, isn't it?

Centrify's CEO Tim Steinkopf offered these words: "This World Password Day is unlike any other, as the pandemic and a 100-percent remote workforce makes business anything but usual."

His solution -- for businesses, that is? Why, it's "taking advantage of biometrics and other stronger factors of authentication that are finally getting us closer to killing the password." Some might worry they're also getting us closer to companies knowing far too much about our bodies.

Of course these security companies have a vested interest in killing passwords. Steinkopf wants organizations to "stop using shared or root passwords stored in a password vault and instead authenticate privileged users and grant them access based on their own identities and their assigned entitlements."

There go those biometrics again. Yet he wants to take things even further. He wants machines to instinctively know who's talking to them. He's desperate for companies to "enable machines with trust verification so they can protect themselves from illegitimate users who might seek access to them because they have a legitimate password."

Here ends my celebration of World Password Day. 

There wasn't all that much to celebrate, was there?

The dumbest passwords people still use

Editorial standards