It’s a well-established fact that experiences color our reactions. A good experience can turn a chore into something delightful. A bad experience can make even a favorite activity downright unpleasant. Good experiences tend to make us want to come back for more – you can thank dopamine for that! – so given that the identity experience is often the first thing that we encounter when we try and interact with an online service, it behooves any business, whether consumer or business facing, to make this experience as good, as unobtrusive and as delightful as it can be.
All too often, that isn’t the case.
I suspect that, as digital identity professionals, we tend to notice failures more readily that others, but take a moment and consider how frequently in the last month you have registered for a new online service, or needed to confirm your identity for a high-assurance use-case, or – my personal favorite – changed your password. I wonder how many of those interactions were at the very least ‘not too bad’? How many were ‘pretty good, considering’? How many were ‘surprisingly good’?
I’m prepared to bet that the majority were ‘not too bad’, with maybe one ‘Wow! I wish everyone did it like this’, seasoned with a reasonable scattering of ‘!@*$#(@ that was dreadful!’ (after an hour of back and forth trying to get the thing to work).
Businesses can and should do better.
We have the standards, processes, procedures and products to make these interactions both secure and convenient. By secure, I don’t mean: hey, we made it really hard for you to generate a new password that conforms to our arbitrary ‘rules for good passwords’. And by convenient I don’t mean ‘forgot your password? No problem, we’ll send an email (to your address, which is your username) with your new password in the clear.’ The first of those is so depressingly frequent that I can guarantee everyone reading this will have had that experience in the last 30 days. The second is sadly still more common that you might imagine.
No: by secure and convenient, I mean identity processes that are designed to help us, as human beings, get on and do the things we need to do, in the certain knowledge that our information and our privacy is being protected.
So, if we have all we need at our disposal to make this happen, why then are there still so many poor experiences? As ever, it’s a combination of things. Business owners don’t realise that this is a problem. We don’t instrument it (and in some cases it’s truly very hard to instrument), nor we do focus groups, so we can’t demonstrate the effect on the business. Security teams don’t know any better. We’ve trained consumers to understand the wrong things as ‘secure’. And users don’t complain, either because they don’t think they can or because they can’t imagine a better alternative.
Identity pros know better. We know how to build these systems better. We know we can make a positive difference to the businesses we work for and keep those businesses and our customers safe. We know that these are not competing requirements; they are complementary.
I’ll end, then, with two requests. First: if you recognise that these are problems in your own organisation, start the conversations to help make a change – and remember that those conversations likely need to start as business rather than technical discussions. Second: share with your fellow professionals what works and what doesn’t; and ask for help where you need it.
In identity, as in everything else, the experience matters. It’s time to make it better.
IDPro is a professional organization for practitioners of Identity and Access Management
IDM dach 2022, hosted on May 24 by @WhitehallMedia, is a gathering of today’s #IAM leaders, decision-makers and influencers delivering a fully virtual program of inspiration and enablement! Register for this exciting event today: https://bit.ly/3KfO0V9 #identity
The #IDPro Body of Knowledge features #IAM industry articles written by our fellow #DigitalIdentity community members. This unique resource is available to anyone looking for valuable industry insight: https://bit.ly/3LATsTE
One of the best resources for #IDPro members is our #Slack space, with access to the IDPro community to discuss challenges we face in the #DigitalIdentity world. Take advantage of all your membership has to offer and join the discussion. Learn more: https://bit.ly/38fNt8n #IAM
Last month our IDPro members shared their #IAM best practices during Identity Management Day! We've collected those best practices into a blog post for our followers! Read more here: https://bit.ly/3uvkGFz #Identity
#EIC2022 - Europe’s leading event for the future of #digital identities and #cybersecurity starts today! We look forward to seeing you at the event or in the online sessions! #Identity #IAM