‘Less Is More’ For Passwords On Subscription Sign-Up Forms

Passwords

Consumers seem to have a love/hate relationship with passwords. While consumers love the (supposed) security, they hate the nuance of remembering what favorite dog or past college crush the password was framed around.

But perhaps subscription services, too, should not be too happy with passwords — particularly on how they impact conversions. Passwords can add complexity to a sign-up process. In the end, certain password features drain a significant amount of time.

The problem is only getting worse: 155 merchant websites analyzed in both Q3 and Q4 saw their average time to subscribe increase by 49.2 seconds in Q4, a 43 percent rise from Q3. And passwords were partly to blame, according to the PYMNTS Subscription Commerce Conversion Index.

In particular, some password features can make the sign-up process longer. Here are five time-draining aspects of passwords that retailers seeking to design a sign-up form should keep in mind.

— Password special characters increased time to subscribe by 24.8 percent in Q4 2017. And the practice of replacing letters with numbers or symbols that resemble them doesn’t actually deter hackers, according to a former manager at the National Institute of Standards and Technology. If merchants do want customers to use these characters, the Nielsen Norman Group recommends passwords be as simple as possible. To nudge users, websites can show progress meters or put checkmarks next to password requirements a user has met (e.g. password has more than one number).

— Password verification increased time to subscribe by 13.2 percent in Q4 2017. Asking a user to enter a password more than once makes the user do more work. And this process might only prevent few errors. Users are very good about finding workarounds for verification steps to make their sign-up process easier. Some users will simply copy and paste an email or password from one field to another — in a sense defeating the purpose of having the user verify the information by typing it twice to check for errors in the first place.

— Password length increased time to subscribe by 27.3 percent in Q4 2017. It is possible to secure a password, as long as it is longer than eight characters in length — and, of course, has different characters, among other features. The challenge is remembering it. In creating passwords, people typically use something they can remember because it carries meaning to them.

— Multiple-character passwords increased time to subscribe by 7.4 percent in Q4 2017. They simply stymie consumers. As passwords are proliferating, consumers aren’t actually able to come up with that many distinct passwords. As a result, they start repeating patterns and varying the numbers or punctuation marks. And repetition makes passwords less secure — a cybercriminal who cracked one is maybe one to two digits away from having all of them.

— Passwords, in general, increased time to subscribe by 79.3 percent in Q4 2017. And there’s a faster alternative, if consumers are able to look past privacy concerns: biometrics. The iPhone X, for example, was built with a facial recognition function. The newest security offering works much the same way Touch ID worked in previous iterations of the iPhone: Your face is “read” like a fingerprint, and a “partial version” of that reading is stored and compared against future users.

Even if the sign-up process goes smoothly, consumers can still lock themselves out of their own accounts by not doing all that much to lock out cybercriminals with complicated passwords. “It just drives people bananas, and they don’t pick good passwords no matter what you do,” one expert said.

After all, easier and more memorable lowercase passwords in common English are sufficient. The password “correcthorsebatterystaple,” for example, would take 550 years for a cybercriminal to crack with hacking software.