Picture this: You’re about to buy something online, but the site doesn’t remember who you are, so you go buy your item elsewhere, or just not at all. What might sound like an unlikely scenario happens all the time – a FIDO Alliance study found that U.S. consumers abandon a purchase and stop accessing an online service because they can’t remember their passwords 4.76 times per day on average. Retailers can avoid this problem by tapping into customer authentication psychology.
Retail lags in authentication modernization, but not because providers aren’t interested in upgrading. It’s because customers actively reject change. Familiarity, ease of implementation and legacy system compatibility all mean that very few retailers offer anything beyond usernames and passwords, not even two-factor (2FA) and multi-factor authentication (MFA).
Of those who do, adoption is very low. Other retailers then cite this as a reason for not offering the option: “Why would we spend money to add these security features when our customers aren’t even going to use them?”
There is, however, a glimmer of hope. Ecommerce sites have experimented with magic links, an authentication method that is a little higher friction but is still a viable passwordless alternative. Meanwhile, biometric authentication (think fingerprints and facial recognition) is gaining popularity among less technical users, even if it’s simply to unlock their smartphones. Passkeys, another passwordless authentication method, leverage biometrics or a PIN to let consumers confirm a purchase with just a tap or a quick selfie.
As a retailer, your login process affects customer behavior and loyalty. This login effect means that first impressions of your retail site are often formed during account creation and that all future login interactions impact your customers’ perception of your retail experience.
The Psychology Behind Authentication
A login experience can easily influence your potential customers’ willingness to make purchases, which in turn affects you, the retailer. The amount of mental processing power needed to use your site affects how easily users find content and complete tasks. Complex password requirements, high-friction authentication methods and multiple authentication steps increase user cognitive load, hurting user engagement. As such, you should minimize cognitive load to maximize usability. The higher the cognitive load, the less likely people are to make purchases.
If your customers have to deal with an annoying login process at the end of their shopping journey, they’ll just abandon their cart. This explains why guest checkout is so critical for retailers these days. That said, guest checkout is a band-aid solution for new potential customers who don’t want to create an account and for returning customers who can’t remember their account details.
Instead of such half-measures, retailers need a system that accounts for these behavioral challenges and can smooth the customer payment journey. The goal is to balance convenience and security without compromises.
Strategies to Improve Authentication Practices
To improve authentication practices and encourage customers to adopt more secure login methods, consider the following strategies that balance security with user convenience and education. By implementing these approaches, you can help shape customer behavior and reduce the risk of breaches, while also improving customer retention and overall experience.
- Offer alternative login methods, such as social logins, magic links and passkeys directly in the customer payment flow using adaptive authentication. Avoid asking customers to create a passkey or use an alternative login method at the last minute, such as right before they hit the Confirm Purchase button.
- Educate users on the benefits of stronger passwords, multi-factor authentication and passkeys. Consider offering incentives, such as a 5% discount, to encourage customers to adopt more secure login methods. This can help mitigate the risk of breaches and improve customer retention.
- Encourage the use of password managers and integrate them with your ecommerce site: This can help customers generate and store unique, complex passwords, making their accounts more secure.
Every change you make should be to help your customers buy what they want while being more secure.
Always try to design user-centered authentication with the login effect in mind. In a retail context, the psychology of authentication is the difference between making and losing a sale.
Your retail business can be ahead of the security game, or it can always be scrambling to keep up. If you’re in the latter camp, your customers will leave to make seamless and secure purchases elsewhere. If you’re in the former camp, they’ll be abandoning their carts on your competitors’ sites to buy from you.
Rishi Bhargava is Co-founder at Descope, a developer-first authentication and user management platform. In a career spanning over 20 years, Bhargava has run product, strategy, go-to-market and engineering for category-creating cybersecurity startups and large enterprises. Before Descope, he served as VP of Product Strategy at Palo Alto Networks which he joined via the acquisition of Demisto. Bhargava was a co-founder at Demisto where the company pioneered the “security orchestration” category before being acquired. Prior to Demisto, he was VP and GM of the Datacenter Group at Intel Security and launched multiple products at McAfee (acquired by Intel).