Hello World, Goodbye Passwords

By mohit nambiar. Published in AuthEasy, Oct 6, 2021.

TL;DR:

Passwords suck. No one should have to manage hundreds of passwords, in addition to password managers and authenticator apps, just to authenticate their identity across the internet. We believe Passwordless Auth is the answer and built AuthEasy to create simpler, frictionless auth flows and improve user experience.

Longform:

In early 2021, my co-founder Akhil and I launched Edvey — a learning platform to help Training Centers offer online skill development programs in India, mostly in rural and semi-urban areas. We had developed Edvey over a good part of 2020, with over a couple of months going into building the user infrastructure. A lot of thought had gone into the product — based on the dominant target user demographic, we designed Edvey to have a very simple, intuitive user experience and to work great on basic smartphones with low bandwidth data connections. We tested different use cases internally and we thought we’d done an alright job.

So, imagine my surprise when, days after a large skill development center launched their first course on Edvey, I woke up to over 200 support tickets one day. Frantically, I called Akhil and we tried to check if we were being spammed by a bot of some kind. It was no bot; these were genuine password reset tickets. A lot of students had just forgotten the passwords they had used while signing up. Further, most of these users also preferred to log in using their phone numbers over email. And this was no freak event — this pattern continued with other customers and users as well. Akhil quickly implemented a simpler password reset flow and a login flow that accepted phone numbers in place of email IDs, but the support tickets kept coming. The problem was passwords. We were noticing user drop-offs and reduced engagement as a result. A lot of user sessions on Edvey began with a password reset. But users forgetting their passwords is normal, right?

This problem with passwords really hit home when I forgot the password to a temporary account we had created on Edvey, just before a customer demo. Now, I’m probably a little more paranoid about my account information than the average internet user. I use complex passwords, a strong password manager and an authenticator app for 2FA. I’m very reliant on my password manager and most of my passwords are auto-generated complex sequences of characters to protect my accounts against brute force attacks. But I had forgotten to save this password on my password manager and I was locked out, 5 minutes before the customer demo.

Akhil and I spoke at length later that evening about this. We were both fortunate enough to use computers since the late 90s and access the internet in the noughts. We remember how creating our first email account was a huge thing back then — we’ve moved from managing only a single account on the internet to the age of apps where we’ve got hundreds of user accounts to track. We’ve seen the shift from simple passwords in the early 2000s to complex passwords to the era of Two Factor Authentication with external authenticators.

Studies show that the average internet user has to manage over 100 accounts today — but what is being authenticated/verified in each account is the identity of the same individual. However, the average internet user is most likely not using a Password manager or an Authenticator app or a USB Token. Over 66% of users reuse the same password on more than one online account and over 37% forget a password at least once a week. My dad literally has a piece of paper with ALL his passwords written down, and I suspect he’s not the only one doing this. Apart from the hassle of remembering passwords, long Sign Up forms and Password Reset flows are other major points of friction in the user experience. Sign Up forms that take every data point from a user’s existence, right from their full postal address to what school they went to, are overkill. What about useless personal questions on password reset flows — a user keys in his mother’s maiden name only to be verified again via email? Users would rather drop their account or steer clear of such a service altogether.

Unnecessarily Long Sign Up Forms!

On the business side of things, over 50% of all support tickets are password-related (usually forgotten passwords). Each ticket costs organizations around $70 — handling 10 tickets daily will cost organizations close to $128k annually. That number may seem large to some people, but I’d say it’s only a conservative estimate. How can you track the value lost because of an interrupted user experience, user drop-offs and poor engagement?

Does it HAVE to be this complicated? Does a user really NEED to manage hundreds of passwords and additional apps to secure said passwords? Modern Signup, Login and Password reset flows incorporate some form of additional verification — either through a verification link sent to a user’s email or a passcode sent to their phones. Why make a user jump through all the other hoops when they are being authenticated without the need for passwords anyway? Why shouldn’t users have their choice of secure AND convenient modes of identity verification?

We believe, without a doubt, that Passwordless is the future. So, we built AuthEasy.

Stay tuned for more in our future posts!
