Passwords have long been the authentication method of choice for logging into all types of online accounts, from social media to e-commerce to banking. But with cyber-crime on the rise and criminals becoming more sophisticated, a simple password like “password” won’t do anything to protect an account. As a result, many websites are requiring far more complicated passwords that include capital letters, numbers, and symbols, and letting customers know whether the passwords they’ve chosen are weak, average or strong.
And therein lies the problem. As websites require stronger and more complicated passwords, those passwords become easier to forget, especially when some security experts recommend using a different password for each site, never reusing passwords, and not writing passwords down. The average person is expected to have over 200 online accounts that require passwords by 2020. That is a lot of passwords to remember! Issues with password reset and strict password rules can affect your bottom line – nearly 19 percent of online shoppers who experienced one (or both) of these scenarios ended up abandoning their online shopping carts. That’s almost one-fifth of your customers!
Online merchants are becoming concerned about these statistics, and are looking beyond passwords alone for additional ways to authenticate their customers’ identities/account information. Below are some tips from the Baymard Institute that, when used in combination, will help you ensure customer security while allowing customers to shop to their heart’s content:
- Suggest stronger passwords, but allow shorter ones to be used. Each additional character (letter, number, symbol) used in a password makes it more difficult to hack. So a six-character password will be much easier to hack than an 18-character password, but obviously the shorter one is easier to remember. Also, try to avoid words and phrases in the dictionary or consecutive numerical patterns. It’s hard to believe that “123456” is still the #1 password used today! Instead, think of a sentence you can remember easily and use the first letter from each word – “My grandmother was born to Polish immigrants in 1929” becomes “Mgwb2Pii1929.” This is a MUCH stronger password than “password” or “123456”!
- Implement two security measures. Including an extra step with the password can help lessen the need for “technically strong” passwords. Options include locking the account after a set number of unsuccessful log-in attempts (usually 10-20) within a certain timeframe and having customers re-type some or all stored credit card information when shipping merchandise to a different address or changing their stored shipping address. A follow-up email may also be sent to the customer to alert her to erroneous attempts to log in or use her account.
- Allow guest check-out for registered users. There are various reasons existing customers will want to check out as a guest, but most often it is because of a password issue. If a customer has forgotten her password and requested a password reset email, but it never arrives, you’ve just lost a sale. Unfortunately, delivery of the email is out of your hands, but the result is the same – the customer goes elsewhere for her merchandise. Allowing a customer to check out as a guest with the email that’s already registered to an account can prevent issues with the password reset email and guarantee that the customer completes her purchase – on your site!
- While it’s not your job to help customers remember their passwords, you should make the password reset process easy, painless and fast. The longer it takes, and the more complicated you require your site’s passwords to be, the higher the likelihood of your customer abandoning her purchase. Utilizing a password with other authentication, including allowing guest check-out for all customers, will not only help to reduce shopping cart abandonment due to forgotten passwords, but it will go a long way in keeping your customers safe while shopping on your site.
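The account lock and follow-up email described in the second tip can be sketched as follows. This is an added example, not code from the Baymard Institute or this article; the class name, the 15-minute window, the 30-minute lock and the `notify` callback are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 10          # the article suggests 10-20
WINDOW_SECONDS = 15 * 60   # assumed value for the "certain timeframe"
LOCK_SECONDS = 30 * 60     # assumed lock duration; timed so the lock clears itself

class LoginThrottle:
    """Locks an account after too many failed log-ins inside a sliding window."""

    def __init__(self, notify, max_failures=MAX_FAILURES,
                 window=WINDOW_SECONDS, lock=LOCK_SECONDS):
        self.notify = notify                  # callback that sends the alert email
        self.max_failures, self.window, self.lock = max_failures, window, lock
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> unlock time

    def is_locked(self, account, now):
        """Call before checking the password; a locked account is refused."""
        until = self._locked_until.get(account)
        if until is not None and now >= until:
            del self._locked_until[account]   # lock expired
            return False
        return until is not None

    def record_failure(self, account, now):
        """Count one failed attempt. Returns True if it triggered the lock."""
        if self.is_locked(account, now):
            return False                      # already locked: no re-alert, no extension
        recent = self._failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                  # drop failures older than the window
        if len(recent) < self.max_failures:
            return False
        self._locked_until[account] = now + self.lock
        recent.clear()
        self.notify(account, self.max_failures)   # one follow-up email per lock
        return True

    def record_success(self, account):
        """A successful log-in resets the failure count."""
        self._failures.pop(account, None)

if __name__ == "__main__":
    throttle = LoginThrottle(notify=lambda acct, n: print(f"alert {acct}: {n} failed log-ins"))
    for second in range(12):                  # constructed burst of bad passwords
        throttle.record_failure("shopper@example.test", second)
    print(throttle.is_locked("shopper@example.test", 12))   # True
```

Because the window slides, a customer who mistypes her password once a day never reaches the limit, while a rapid burst of guesses locks the account and sends a single alert.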