When Customers Forget Their Passwords, Business Suffers

A lot of money goes unspent in the online world for a simple reason: Shoppers can’t remember their passwords.

The average person is registered to 90 online accounts requiring passwords, and the number keeps growing. Few people remember so many passwords.

“About a third of online purchases are abandoned at checkout because consumers cannot remember their passwords,” according to a study released last week, conducted jointly by MasterCard and the University of Oxford.

Experts in e-commerce say that major online vendors stand to lose a lot of shoppers if they don’t take corrective action.

“For most sites, it would be a multi-million-dollar loss, if not higher,” said Christian Holst, a co-founder of Baymard Institute, an independent research entity in Frederiksberg, Denmark, that conducts large-scale tests on usability of e-commerce sites.

Passwords are only part of the problem, but a major one. Consumers just can’t remember them all, and most online vendors, banks, airlines and others require them. So 51 percent of people use similar passwords over and over, the study found.

“They are variations of passwords they’ve used for many years. They keep changing the number (at the end) of the password from 1 to 2 to 3 to 4, or move through different special characters,” said Ryan Wilk, vice president of customer success at NuData Security, a Vancouver firm that helps companies identify online users based on passive biometrics and behavioral analytics.

“Quite often, people will use the same variation of a similar password across the board and will modify that password’s strength based on the requirements of a site,” Wilk said.

“Twenty-one percent of users forget passwords after 2 weeks, and 25 percent forget one password at least once a day,” the study found.

When online shoppers get into the digital checkout funnel of an e-commerce site but then give up because of a roadblock, it is called “cart abandonment.”

It doesn’t take much for users to walk away from their e-shopping carts. Online sites routinely have different requirements for passwords. Some demand that they be a certain length. Others require alphanumeric combinations. Still others ask for a symbol to be included.

It is all in the name of security. Online businesses don’t want to deal with fraudsters. And consumers don’t want their credit card data stolen from businesses by hackers.

So users come up with coping strategies. Some shoppers simply hit password reset. But that can bring other problems.

“Some users will start to get impatient after just one or two minutes,” Holst said. “Users are extremely impatient online.”

At some sites, those who reset passwords must wait to receive an email, and sometimes they have to reply to another confirmation email.

“What we’re asking them to do is to stare at the screen for several minutes. One or two minutes will feel like five minutes,” he said.

Baymard says it sees an 18.75 percent abandonment rate due to reset email issues.

Potential customers, even after committing to buy something online, are in what e-commerce developer Nirav Sheth calls “a fragile state.”

“Any little excuse can cause them to abandon. They are questioning: Do I really want this? Do I really need this?” said Sheth, owner of Anatta Design, an e-commerce design and development agency in Los Angeles.

Outlets that streamline the checkout process, and offer forgetful users a “guest checkout” option if they’ve forgotten their passwords tend to succeed more, he said.

They focus on having a customer “think less and do less” and are “constantly showing them success messages, things like ‘Hey, you did it right!’ It’s almost like treating them a little bit like a baby, guiding them,” Sheth said.

Other issues that can cause shoppers to jump out of the checkout line, experts say, is lack of information about shipping costs and failure to streamline the “clicks” needed to finish a purchase.

“Amazon is famous for their one click, where they can recognize that it is you. You’re able to transact with all your stored information. They know all the history of what you’ve looked at,” Wilk said.

But if you’re a new customer, it’s a different story.

“You’re almost in Amazon’s learning phase. They’re learning who you are. They are learning if they trust you. It’s almost that you have to teach Amazon for a while when you’re a new customer or a non-repeat customer,” Wilk said.

Some websites, particularly those of financial institutions, are leaning more on passive authentication of users, taking sensor data from smartphones or desktop computers of those visiting their websites. But e-commerce sites are also experimenting.

“We’re seeing a lot of adaption right now,” Wilk said.

Smartphones have as many as 10 different sensors in them measuring motion, location, angle of the phone, pressure on the screen, ambient light and other attributes. Some websites can extract that data, at least partially, to help identify and profile a user.

“They can look at many different data points within the device, everything that the device is making publicly available, so things like pressure on the screen when you’re typing, how you swipe, and different angles of how you hold your phone. Do you appear to be right-handed or left-handed?” Wilk said.

Such passive biometric data, when compiled by analytic software, can help retailers, bankers and other institutions be assured of the identity of their customers.

“It doesn’t exactly say it is you. But if you see that the person who’s trying to authenticate is right-handed, and all of a sudden you see the device in a left-handed configuration, you can very easily see that it’s a different human interacting,” Wilk said.