If you ever need a belly laugh, visit the site DamnYouAutocorrect.com (warning: it’s often not safe for work). It’s also a great illustration of why you shouldn’t just force users through the same exact login procedure when they use mobile apps versus full-fledged browser windows: hitting all the right tiny keys is hard work, and often the software behind the scenes is helpfully trying to “correct” everything you type.
Responsive design is all the rage in consumer web app design, and for good reason: users can put down one device, pick up another, and change the screen orientation in mere moments, and app developers can’t afford to miss a trick in optimizing the user experience. Similarly, in researching current authentication methods and trends, we’ve come to believe more strongly than ever in adapting your user authentication methods to your population, the interaction channel they’re using, your business goal, your risk, and your ability to pick up on contextual clues about the user’s legitimacy or lack thereof. Call it responsive design for authentication.
When we published our recent Customer Authentication Assessment Framework research (the report comes with a spreadsheet tool), we deliberately focused on onboarding, login, step-up authentication, and account recovery for – yes – customers, most particularly consumers. Why? Because the framework takes into account usability characteristics just as much as security characteristics, and security pros delivering solutions to Marketing had better have good answers when they propose adding friction to the login experience.