In December 2019, we released findings from our password usage study and had a discussion with Yan Grinshtein to gain insight into the relationship between UX and security. The problem cuts across all industries, and organizations large and small — increased complexity in password policies fail to keep us and our data safe. People either forget long, complex passwords or they practice poor password hygiene. Yan breaks down our relationship into three basic parts: time, fear, and comfort for why it is difficult to leave our comfort zone and change our behavior with passwords. Unless we take these elements into account, we will forget to address and accommodate the younger generations that are now considered the most relevant consumer and workforce segment. When you are able to balance both security and usability, you find the optimum point that keeps everyone safe — and happy.
This is Part Two of the interview. Part One is here.
Lani: Let’s continue where we left off. How do you see passwordless authentication changing the security landscape?
Yan: You have all these companies whose sole goal is to build more walls around their customers’ existing walls. Companies are spending a lot of money to secure their password vaults. Unlike traditional authentication, True Passwordless Security™ is decentralized. If you remove the vault, there is no need to secure it. You also enhance usability by taking advantage of familiar mobile devices users already own.
Lani: What do you foresee happening if security fails to meet usability quickly?
Yan: The security industry is known for its horrible user experience because UX is often treated as an afterthought or a low priority item. Vendors are narrowly focused on security — however that looks, feels, and functions. They don’t care whether people like it or not. The challenge here is that it doesn’t take the future generations of users into account.
Unlike traditional authentication, True Passwordless Security™ is decentralized. If you remove the vault, there is no need to secure it.
The population today is segmented into Boomers, Gen X, Millennials, and post-Millenials. The differences among these groups’ approach to technology differs are intriguing. When boomers struggle with technology, they blame themselves for not being technical. When GenXers struggle, they troubleshoot and work it out. Millennials and post-Millenials, on the other hand, are quite different. If they encounter a product that underdelivered they’ll say, “I’ll never use it again”. They don’t blame themselves, they blame the technology itself for not working properly.
Companies realize that if their products or services fail to meet Millennials’ standards and that of a younger audience, their products will fail and these companies will cease to exist. UX versus security — that inverse relationship — no longer flies in the marketplace. To be successful you need to have UX built into security from the start.
Lani: What is the biggest takeaway from your two and a half year study?
Yan: The biggest takeaway is that now is the time to fundamentally change how we secure people and their credentials. We have a new generation assuming the mantle as the most relevant consumer and workforce segment. And, they’re demanding everything to be digital. It’s urgent to provide alternatives that will change the world for the greater good, especially in security.
Lani: What do you plan to explore in the future as you continue your research?
Yan: I definitely want to gain a deeper understanding of Millennials, the younger generation, and their relationship with the digital world. I want to know what they feel or expect in the next phase of digital transformation.
The biggest takeaway is that now is the time to fundamentally change how we secure people and their credentials. We have a new generation assuming the mantle as the most relevant consumer and workforce segment.
Lani: What role should HYPR play today and in the future, for security?
Yan: I’ll share one thing. HYPR plays a role in changing the human condition as we know it today. This plays back to the passwords that we’ve been using for over 50 years. Because of HYPR, we are changing how humans interact with anything that’s part of the digital world.
Everyone owned a cell phone when Steve Jobs debuted the first iPhone, but they did not have an intimate relationship with their device. Not only did the iPhone change the lives of techies and businesspeople, it changed the lives for everyone in the world. And I think we have an opportunity along those lines.
Lani: Thanks so much for your time, Yan.
Yan: No problem!
This conversation has been edited and condensed for clarity.
At HYPR, we understand that you can’t have security without a thoughtfully designed user experience. In 2019 alone, Yan’s UX team worked with 110 people on qualitative studies that consisted of user interviews, usability tests, and 850 people on quantitative studies that consisted of A/B testing, visual tests, and more. To learn more from Yan and his take on a passwordless life, check out his latest blog on UX Collective.