When it comes to verifying identities, businesses and customers have a plethora of options at their disposal, from passwords to passkeys to various authentication methods like 2FA, OTP, MFA, SSO, and SNA. However, there is little consensus on the best approach for identity authentication.
Despite the lack of agreement on the preferred method, there is unanimous consent on the importance of these tools. The FIDO Alliance’s research revealed that more than half of customers experienced an uptick in suspicious messages and online scams in 2024, primarily through SMS, email, and phone calls, exacerbated by advancements in AI.
Even in the face of escalating fraud and related losses, with the Federal Trade Commission receiving over 1.1 million reports of identity theft in the previous year alone, businesses must delicately balance robust security and user convenience. Striking the right balance is crucial, as an excess of security measures can alienate customers, while too few can jeopardize their trust.
So, how can businesses navigate this delicate balance and implement effective authentication solutions?
The customer is always right
When it comes to authentication, what works for employees may not necessarily resonate with customers. A mandate such as moving employees to WebAuthn as the sole form of 2FA may succeed because employees have no choice, but customers often have different preferences.
Personal experiences can shed light on the challenges businesses face. For instance, encountering CAPTCHA issues multiple times while trying to book a hotel room can drive customers away, highlighting the significance of a seamless user experience devoid of unnecessary hurdles.
While businesses invest heavily in marketing efforts to attract customers, any friction in the authentication process can impede conversions, rendering the investment futile. Balancing security and user experience is a top challenge for 40% of businesses, especially in streamlining the account signup process.
Customer behavior is challenging to modify, especially when it comes to adopting new technologies. Businesses must understand and cater to the needs and limitations of their customers, recognizing that a one-size-fits-all approach to authentication may not be effective.
A signal-driven future
In the evolving landscape of authentication, the future lies in continuous signals rather than discrete checkpoints like logins or purchases. Businesses can adjust the level of friction in the authentication process based on customer behaviors, akin to a brake system in a vehicle.
For example, a regular customer receiving a promotional offer may expect a seamless login process, while logging in from a different location may require additional verification due to potential security risks.
As users stay signed in to applications for long stretches without logging out, businesses must adopt a zero-trust mindset, in which authentication is a continuous, risk-based process that adapts to user activity.
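The sketch below is an added example, not code from the article or from any vendor product. It shows one way a session could carry a running risk score that signals raise, time lowers, and each action checks against its own threshold. The signal names, weights, thresholds and half-life are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weights and thresholds (assumptions for illustration only).
SIGNAL_WEIGHTS = {"known_device": -20, "new_device": 30,
                  "new_location": 40, "bot_like_timing": 60}
STEP_UP_AT = {"view_offer": 60, "login": 40, "purchase": 30}  # lower = more sensitive
BLOCK_AT = 90
HALF_LIFE_S = 1800  # risk contributed by an old signal halves every 30 minutes

@dataclass
class Session:
    risk: float = 0.0
    last_seen: float = 0.0

    def _decay(self, now: float) -> None:
        self.risk *= 0.5 ** (max(0.0, now - self.last_seen) / HALF_LIFE_S)
        self.last_seen = now

    def observe(self, signal: str, now: float) -> None:
        """Fold one signal into the running score, decaying older risk first."""
        self._decay(now)
        self.risk = max(0.0, self.risk + SIGNAL_WEIGHTS[signal])

    def decide(self, action: str, now: float) -> str:
        """Return the friction for this action: allow, step_up or block."""
        self._decay(now)
        if self.risk >= BLOCK_AT:
            return "block"
        return "step_up" if self.risk >= STEP_UP_AT[action] else "allow"

    def step_up_passed(self, now: float) -> None:
        """A passed extra verification eases the brake but keeps some caution."""
        self._decay(now)
        self.risk *= 0.25

def replay(events):
    """events: (time_s, kind, value) tuples; returns the decision per action."""
    s, out = Session(), []
    for t, kind, value in events:
        if kind == "signal":
            s.observe(value, t)
        elif kind == "step_up_ok":
            s.step_up_passed(t)
        else:
            out.append((value, s.decide(value, t)))
    return out

# Constructed sample session: location changes mid-session, then bot-like signals.
EVENTS = [(0, "action", "login"), (60, "signal", "new_location"),
          (60, "action", "view_offer"), (60, "action", "purchase"),
          (90, "step_up_ok", None), (90, "action", "purchase"),
          (120, "signal", "bot_like_timing"), (120, "signal", "new_device"),
          (120, "action", "purchase")]
```

Calling replay(EVENTS) shows the same session moving from a frictionless login to a step-up on purchase and finally to a block, without any new login event in between.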
The integration of AI into authentication processes poses new challenges, particularly in distinguishing between legitimate users and malicious bots. Enterprises are at the forefront of pioneering innovative authentication solutions in this AI-driven era.
Authentication: An ‘and’ not ‘or’ proposition
Despite the continuous development of new authentication methods and the rise of regional requirements like Singapore’s Singpass or the EU’s Digital Identity Wallet, no single tool will dominate the market entirely. Businesses must offer a variety of options to meet diverse customer preferences and implement strategies to safeguard each method from identity-based attacks.
Successfully navigating the tug-of-war between user convenience and security demands a delicate balance that guides customers toward seamless yet secure authentication experiences.
Anurag Dodeja serves as the head of product, user authentication, and identity at Twilio.