Request Demo

Why Strong Usernames and Passwords Don't Cut It Anymore

Admin | 21 June 2021 | Read time: 10 minutes
Topics | Paywalls, dynamic paywall

We use passwords every day to access all kinds of information – from our emails to our social media accounts. Businesses use them too to keep their data and customer details secure. 

A strong username and password were once enough to keep your accounts and details safe. However, modern technology has made it easier for hackers to run millions of guesses to gain access to our accounts.  

This is why it's so important for digital publishers, who act as the trusted gatekeepers for readers' personal information, to turn to stronger methods of protection such as identity management solutions. These provide an additional layer of resistance against those who wish to infiltrate business systems and data platforms.

Hackers aren’t only more likely to target businesses but in doing so, they could also gain access to private and confidential information for a significant number of people. That could have serious repercussions for all involved but especially for the business itself. Telling your clients that your systems have been breached could mean you lose their trust while also putting off any potential customers. 

Auction site eBay learnt this the hard way in 2014. Hackers gained access to the credentials of three employees for a shocking 229 days and used them to obtain the details of 145 million users. The site subsequently asked all of its customers to change their passwords to avoid becoming victims of phishing scams. Thankfully, those users' banking details were stored separately but the incident resulted in a loss of trust from those who used the site and the company was heavily criticised. 

So, with this in mind, and if passwords aren't enough anymore, then what should you be using instead? 

The decline of passwords

Over time password requirements have become more and more complicated. 

Password creators often instruct users to make their chosen password a certain length and to include a combination of capital and lowercase letters, numbers and special symbols to ensure security. The user then types in their chosen password and is told where it stands on a scale of weak to strong. Passwords that don't spell out a word and use a combination of symbols and numbers are considered to be tougher to crack. That means skipping the kids' birthday dates or your pet's name. 

Once secure credentials are in place, users only have a certain number of attempts when trying to log in before they are locked out or before they can try again. 

While this is of course a requirement that offers a certain level of security, there are other options available that ensure your private and personal information is protected. 

Not only does removing passwords from the equation increases security but it will also make the process quicker and easier for the user. 

The average person has 100 passwords and these often become so complicated they have to be written down in order for the user to remember them – which, of course, defeats the point and makes each password less safe than it should be. 

But, if it’s not noted down somewhere, we can end up attempting various combinations to try and remember the one we chose before giving up and resetting each time anyway. These new ways of protecting your information avoid that. 

This is why publishers and subscription businesses should now be looking for the best user authentication methods via an identity management platform

It is where a subscription experience platform such as Zephr can help, allowing you to make the login process as secure as possible so that accounts can only be accessed by the user.  One way of doing this is via passwordless authentication methods which cuts out the need for passwords altogether while still keeping accounts secure. 

Why choose passwordless authentication

Passwordless authentication is secure and saves customers time and hassle. There are a number of ways of implementing this security measure and many businesses find that they are far safer and more secure than your average password. We've considered some of the best options below: 

Social sign-in

What is it? Social sign-in is when you use your social media accounts as password-based authentication during the sign-in process. There are various social media platforms that can be used including Facebook, Twitter, Google and Instagram. 

This means that the user can take advantage of their existing username and password, so they don’t have to create a new one, making it much easier for them to log in. It also gives you direct access to their information saved for the chosen site. 

Platforms such as Spotify and mobile gaming apps utilise this option already, making it quick and easy for people to sign-in and link their accounts, while also enjoying additional security. 

Why is it safer than just using a password? Of course, you don’t just want it to be easier, it needs to be safer too. It’s vital that the personal information on these sites is safe and social media platforms will already have strict measures in place to protect users, which means they will manage the authentication side of things. 

Many social media platforms also offer two-factor authentication which increases security and creates another layer for hackers to get through. 

If you adopt social sign-in for your products or services, the onus is on the social media platform to provide a secure solution to logging in, you just need to provide the link. This means in terms of security software and requirements, you can rest easy knowing that the likes of Facebook has it covered.

Password-less authentication

What is it? As the name would suggest, this is a method of logging in without the use of a password at all. For a website, this is usually done via a secure, personalised link. 

Users will configure their email address or mobile number to their account and then receive a passcode that can be used once to log in. A new one will be sent via email or SMS each time a login is attempted.

Why is it safer than just using a password? Firstly, this is safer because you are using a second device. A second device can only be accessed by you, which removes the potential hacker from the login process completely. 

Also, these links can only be used once and if they aren’t used within a certain period of time, they will expire. If this happens, you’ll have to generate the link again. 

This makes it harder for someone to hack your account because they have a limited window of opportunity even if they did somehow gain access to your second device.

Multi-factor verification

What is it? This uses various different devices and applications. You may have known this security measure as two-factor authentication but often you’ll need more than two identity credentials for true security. These include: 

  • Knowledge factor – something you know – often a security question. 
  • Inherence factor – something you are – this could be voice authentication, face recognition or a fingerprint scan. 
  • Possession factor – something you have – this could be something physical such as a card reader for your banking or a keyfob to access a device. 

Why is it safer than just using a password? By having to identify yourself via various different means, multi-factor authentication significantly reduces the chance of accounts being accessed by anyone other than the authorised person. This is because even if they were able to hack one of the layers of authentication, there are several more in the way. 

If you want to ensure the information that sits behind a username and password is as safe and secure as possible, then you should really be considering identity management solutions such as passwordless authentication. Contact Zephr to find out more about creating frictionless access to your content.


Ask our CPO: How to implement new tech

With the digital publishing space rapidly advancing, and users demanding better online experiences, it’s imperative to stay up to date with the latest...

Technology Vendors vs. In House Builds

  3 Reasons publishers should choose tech vendors over in-house builds With users demanding more personalisation in their online experiences, digital...

What is a metered paywall?

For anyone in the digital publishing sphere right now, choosing the right paywall is a critical decision that impacts your customer acquisition, business...
Subscribe to our newsletter

Get updates direct to your inbox

Subscribe to our newsletter

Get updates direct to your inbox