Customer authentication walks a tightrope between seamlessness and security, but single sign-on (SSO) systems can bridge this gap using a single password administered by third parties like Facebook or Google. In this month’s Authenticated Payments Report, Ripl CEO Clay McDaniel outlines how SSO solutions can safeguard the payments process while sparing users from managing countless usernames and passwords.
Logging in to an online service is a ubiquitous part of the digital experience, with a huge portion of websites, apps and other online tools requiring personalized accounts intended to keep other users out.
This process is critical for security, but it can often create user friction and even result in abandonment if it is arduous enough. Studies have found that up to 31 percent of users have abandoned sign-up processes because they were too difficult or took too long, for example, representing a massive loss of potential revenue.
This friction can take many forms, from stringent password requirements to two-factor authentication (2FA) requiring customers to keep additional devices at the ready. There are a few ways to circumvent these issues, however. Many businesses are reducing these obstacles and simultaneously improving their security by deploying federated identity solutions like single sign-on (SSO), which allows users to log in to various websites via a single password administered by a third party. One company using such solutions is social media marketing firm Ripl, which leverages SSO options from Facebook, Google and Apple.
“The trusted reliance on recognizable widespread authentication options like [those of] Facebook, Google and Apple has pushed our initial registration rate from 95 percent to north of 99 percent,” Ripl CEO Clay McDaniel told PYMNTS. “We have hardly anybody now stepping away from the initial … sign-up and registration experience, and I attribute that improvement to presenting these recognized and trustworthy options.”
McDaniel spoke in an interview about how Ripl benefits from offering these SSO solutions as well as the potential compliance and friction consequences businesses can face if their login experiences are not up to par.
How Ripl Deploys SSO To Improve Customer Logins
Ripl’s approach to tapping SSO options mirrors that of many other websites, apps and services. It allows its customers to use their Facebook, Google or Apple accounts to sign in to the service. McDaniel said this allows Ripl to rely on the security approaches provided by three of Silicon Valley’s heaviest hitters and also gives customers confidence by offering familiar options.
“When we put the Google option in front of our Android app users, it immediately jumped to a significant percentage of new registrations as well as existing customers who may have created their accounts originally with email but wanted to start using their Google accounts,” McDaniel said. “They have that confidence that there’s a good security relationship between our app and the OS of the device they’re using. Similarly, when we moved to put the Apple ID on the iOS app, we saw an immediate uptake on that.”
Ripl’s SSO integration has significantly eased the friction of new account creation in addition to boosting customer confidence in its security systems, McDaniel said. SSO enables customers to create accounts with a single click rather than undertaking the entire process of password creation and verification, resulting in a sharp drop in account creation time.
“With Android in particular, we lopped off about 20 percent of registration time,” he said. “We’ve [also] shaved almost 25 percent of the time to get people through the [web] registration sign-up process by offering Google, and on iOS [we] have similarly seen a significant reduction in the amount of time required for sign-up.”
The benefits may be immediately measurable, but McDaniel also warned about the dangers of having a login system that is not seamless or secure enough. Not only could customers abandon sign-up processes due to friction, but regulators could also impose massive fines for subpar account security.
The Consequences Of Subpar Authentication
Customers are often fickle when it comes to authentication, and many are willing to jump ship when a login process proves to be too opaque or laborious. There are thousands of websites, apps and other digital experiences out there, leaving customers to look for greener pastures if they feel that one provider’s authentication strategy poses too high a hurdle.
“[One of the] biggest drivers of churn for customers is getting blocked on the way to the core software experience, so it’s all about how you handle their account credentials and how you help them get in and get out,” McDaniel explained. “You want the least leaky bucket around retention and capture, so you need to do everything you can to ensure that every successive return can seamlessly bring them back into the core of the software experience.”
A threat equal to customer abandonment is running afoul of regulatory agencies due to insufficient cybersecurity. Oversight agencies the world over have levied enormous fines on companies that have failed to take security seriously, and not even Fortune 500 companies are immune.
“It doesn’t matter whether your company is small, medium or large, the penalties start at millions of dollars,” McDaniel warned. “Especially for small companies, it’s important to be reliant on the strength and experience and power of trusted third parties to help ensure that when data is provisioned to you by a customer, [it] is as secure as possible. It just helps reduce your legal, regulatory and financial risk as a company.”
Federated identity solutions like SSO are not the only answer to the ever-present perils of fraud, churn and compliance fines, but they can be some of the most effective. Businesses looking for seamless yet secure login solutions could see big benefits if they are willing to leave the hard authentication work to the technology giants and other third parties that consumers know and trust.