Dust off that PC . . . and that authentication?
This past weekend, my buddies in Europe organized a night of online gaming. It had been over a year since I last played with them. Did I stop to worry about authentication? Heck no. I fired up my dusty PC and launched a leading distribution platform for PC gaming.
Problem was I forgot the password to my account and was locked out for an unknown amount of time. This was absolutely frustrating since there was no “Reset Password” button. I had only two options: 1) Launch the mobile authenticator and provide the generated code, or 2) Contact customer support and expect a response within the next 24 hours. Option Two was not viable since I was online at that time to game with friends who were already 5+ hours ahead of my Eastern time zone.
Overcoming unnecessary friction
The nightmare ensued after I clicked Option One. “Please launch your mobile authenticator and provide the generated code.” I went through my phone and found the app, launched it, and realized I may have lost access to my account with hundreds of dollars worth of games.
The mobile authenticator did not work because the account was tied to a British mobile number and device I had years ago. I have a USA mobile number now so an OTP sent to my disconnected British number was of no help.
I was locked out and didn’t know how I was going to authenticate to my account. That is an awful feeling that no customer should experience. And yet you’re all nodding along because you’ve been there.
I spent the next hour digging through storage boxes to find my old phone, praying that the mobile authenticator app was still on it. I fired it up and found I had 1% battery left. I frantically found the mobile authenticator and tried to log in. I was faced with an error message, “Too many failed login attempts have been made from your network. Please wait for a short time before trying again.” Authentication denied. At least for a short time.
What is the definition of a short time and how long did I really have to wait? Apparently it meant thirty minutes – and after nearly two hours of heart palpitations and rummaging through cardboard boxes – I was finally able to log in.
What’s the takeaway?
Security is meant to protect . . . but it shouldn’t be the reason the customer is locked out of the services they pay you for and then left stranded. Had I been given more options to authenticate besides a mobile authenticator app, I would’ve saved time and headaches, and been able to join my friends much sooner. I’d feel more incentivized to be a loyal customer had my login journey been user-friendly and intuitive instead of the mad scramble that it was.
It’s the 21st century. Let’s give customers the intelligent login technology they deserve. If you invest in them, they’ll invest in you.
For more information on how you can improve the login experience for your customers, check out our Intelligent Authentication video playlist here.
*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Lani Leuthvilayn. Read the original post at: https://www.forgerock.com/blog/personal-woes-two-factor-authentication