Identity theft meets 1.1m reports – and the fatigue of authentication is only worse

From passwords to a true alphabet soup of other option second factor authentication (2FA)/one-time passwords (OTP), multi-factor authentication (MFA), individual registration registrations (SSO), Silent Network Authentication (SNA)-if it is an outstanding or even preferred type of the type goes with an outstanding or even preferred type of network authentication (SNA)-when it comes to an outstanding or even preferred type of the network– Identity authenticationThere is a little consensus between companies or customers.

However, what agrees is the need for these tools. The Fido Alliance It found that more than half of the customers (53%) recorded an increase in suspicious news and online fraud fraud in 2024. This was largely driven by SMS, e -mail and telephone calls and only intensified by progress in AI.

Even at a time when we continue to see astonishing fraud and the associated losses – the Federal Trade Commission Last year alone, more than 1.1 million reports on identity theft – companies have to do their best to achieve a linchpin between robust security and effortless convenience. Over-index at one and you risk customers to alienate too few tires and you lose your trust, too many and you lose your patience.

How do companies do this fragile balance and implement effective authentication solutions?

The customer is always right

When it comes to authentication, the company that means that employees refer to employees rarely. We changed too Web car As the only form of 2FA for the authentication of employees, a company -wide mandate that took a few weeks. This “forced adoption” works if your employees have no choice, but your customers.

Recently I wanted to book a hotel for my family vacation, so I went to my favorite trip, found the perfect room at a reasonable price and went to complete the transaction. One problem: I always came across a problem with Captcha on your side – twice. After the third attempt, I found the same space on the website of her competitor and booked at the same price.

Companies can dedicate massive budgets for first -class marketing that leads customers to their websites, products and services. However, if the friction in the user experience often prevents authentication as an initial contact point-it is wasted investment. Forty percent According to the company, one of its most urgent challenges is to find a balance between security and customer experience, in particular the reduction in friction during registration.

Customer behavior is difficult to change, especially when introducing new technologies. It doesn’t matter whether biometrics or public keys Cryptography If it is not immediately seamless to use, the customer option remains. Why do they still rely on so many people on simply enthusiastic passwords (they know who they are!). The reality is that you simply cannot force customer introduction companies that correctly do authentication, recognize the needs and restrictions of your customers, meet where you feel comfortable and understand that it cannot be uniform.

A significant future

In this struggle over friction against freedom, the future of authentication is more powered by continuous signals than by arbitrary identity test points such as registrations or purchases. Imagine authentication as a brake system in which the company can press or release the pedal in order to increase or reduce friction based on customer behavior.

Let us assume that I get an action for a 20% discount on new tires from my regular car business. If I click on the notification, I would expect a seamless registration experience to me, I sent the message to me, I am a long-time customer and use your application from a known device. But let’s say I go to Kansas City to do the work. If I open my laptop and are still logged into my favorite e-commerce platform, I would expect you to register or need me Identity proof To continue the session because I am in a completely different place based on previous buying history.

Think of the ecosystem of applications -shopping, e -mails, social media, home security and streaming services -in which we register once and rarely (if at all). What happens if your device is lost or stolen or your session is kidnapped? Companies have to take a way of thinking zero trust in which authentication can not only show their identification on the door, they can free the club, but also a continuous risk -based process that scales the friction based on their activity.

The folds here, like so many sectors, is AI. At the beginning of my career, I built Bot -Careting models for a startup to distinguish the human behavior of machines. We would monitor how many clicks we receive from the IP and user string and whether it was more than n in a second, then we assume that it was a bot and blocked this data traffic. But now do you differentiate between a shameful bot or someone who works in your name? This is the future of authentication and the labor companies in the industry continues to pioneer.

Authentication: an ‘And’ not ‘or’ Sentence

Despite new authentication methods in eternal development and an advancement of regional requirements such as Singapore Singpass or the Digital Identity Wallet of the EU, Not a single tool will ever have a full market share – some customers always prefer the simplicity of options such as OTP, while others demand the stringence of Passkeys or other modern tools.

The responsibility remains with companies to offer a variety of options to meet customers where they are and Implement strategies to protect the root of each method from srying/phieren, social engineering or a wealth of other identity -based attacks. This authentication between friction and freedom is not obtained by those who prioritize one or the other priority, but those who can walk between the two to have their customers seamless, yet safe experience.

Anurag Dodeja is the head of product, user authentication and identity at Twilio.