The “I forgot my password” button is familiar to everyone, but a friend to no one. It’s annoying to have to stop what you’re doing, wait for an email from the site and then reset your password. The experience is inconvenient and frankly offputting.
It’s not popular with websites either, for two reasons: one, because the whole process is expensive to manage and two, because forgotten passwords can derail the buying process. If you can’t remember your password for one site, the easiest thing might be to shop elsewhere.
It’s little surprise we frequently forget passwords; the average 25-34-year-old now has 40 online accounts. Few people can remember 40 random passwords so users end up reusing the same ones for many sites or simply writing them down. The security implications here are obvious. And while password management tools exist, they’re not widely or well used. It’s clear that we need a better way to go online.
These are some of the drivers behind the rise of social access solutions. Rather than every site requiring a new username and password, “social access” means using one, standardised social identity to engage with sites and services quickly and easily. Rather than logging in with a username and password specific to each site, users are given the option to log in with their existing social media profile details.
The people running social media platforms are smart cookies, and they have sensed an opportunity. As the likes of Facebook and Twitter increasingly become centralised hubs for activity in the digital world, there is potential for them to become the de facto identity providers for frictionless online engagement. As they grow (Twitter added 83 million members over the past six months) they will almost certainly become established as a basis for engaging with online stores and government services.
The consumerisation of expectation
By recognising social identity as a way of accessing services, there are a number of benefits to the individual as well as businesses and governments. User experience is the key to most online services, and using social identity to access sites makes life much easier for users. They can browse the internet, purchasing goods and using services very quickly without having to find passwords, or request resets constantly. This is something we call the “consumerisation of expectation” – we just expect technology to work, and we demand a simple and pleasurable experience.
It’s this level of expectation that will continue to drive companies towards implementing social sign-in. In return, business and governments are finding that the process of engaging with users is greatly simplified.
Individuals are far more likely to check-in online to do their tax return, for example, if it is a simple process of utilising their existing social identity, rather than having to find where they stored the password set up the previous year. Businesses will be better able to offer targeted marketing and advertising, based on actual interests rather than some existing hit-and-miss offerings. Unsurprisingly, retailers are leading the field in this regard; with Gartner predicting that by 2015 half of retail customer logins will be made via social networks.
As social sign-in is still relatively new, there are still some interesting questions surrounding its use. For example, we’re always told to use different passwords for everything to ensure maximum security, but some argue that social access goes against that maxim.
The reality is that it’s still early days in our understanding of how this approach can be applied, and like any technology its application will fit some cases better than others. For example, no one is yet suggesting that we will be able to access medical records with our Facebook login any time soon. On the other hand, complementary technologies could be used to increase the security of social access. Multi-factor authentication, which allows social sign-in to services but only from a certain computer in a certain location, would increase security and enable more sensitive applications of the technology.
The government is convinced it can make social sign-in work securely. It has set a 2014 deadline, by which time UK citizens will be able to apply for jobs, benefit payments and student loans online using social network login details. Further afield, New York City is already using social access to deliver public services. During the recent snowy weather, citizens could sign in to city information portals using social login details and check when the snow plough would be clearing their street. If Facebook knows your address, the whole process of finding information is expedited and made more user-friendly.
Ultimately, a population that uses social media as a standard form of communication will increasingly define itself in terms of social identity, and will expect the businesses and government agencies who serve us to follow suit. The era of social identity is coming. Are you ready?
Geoff Webb is director of solution strategy at NetIQ
Source : http://guardian.co.uk
Completed [MSCE, CSSA, APP, RHCSE, RHCSA, CWNA, CWNE, CISA, CISM, C|EH, VCP, CISSP]