Incognia Mobile App Friction Study Measures the Pain of Password Resets
Klover and eToro mobile apps get top ranking for Lowest Password Reset Friction.
Palo Alto, CA -- July 14, 2021 -- Mobile authentication pioneer Incognia, today announced the publication of their third Mobile App Friction Report - Login Authentication and Password Reset, for 2021, which highlights results from their most recent study focusing on authentication and friction at login and the password reset process. The study was conducted to provide banking, financial services, and investing/trading mobile apps with insights on the state of mobile app login authentication and the friction when a user resets their password. The report reviewed 27 of the leading mobile apps from major fintechs and banks including Klover, SoFi, eToro, Robinhood, Stash, Coinbase, Ally Bank, CapitalOne, TD Ameritrade, Varo, and more.
The report comes as Incognia’s zero factor authentication solution reaches deployment on over 100 million mobile devices during a pivotal time of increased mobile usage and fraud. Financial services apps experienced tremendous growth during 2020. When compared to 2019, time spent on mobile financial apps in 2020 was up by 90% in the U.S. At the same time fraud losses in 2020 increased to $56 billion.
This surge in both fraud losses and mobile usage highlights the need of financial services companies to look to multi-factor authentication (MFA) solutions that provide stronger security than passwords without interfering with a great mobile user experience, a key competitive advantage in today’s app-driven world.
“Investment in new, lower-friction alternatives to orthodox authentication methods and in truly adaptive approaches is needed to ensure optimal combinations of security and UX/CX.” according to Gartner1.
With passwords still present as the most common authentication method in the set of financial apps tested by Incognia, the friction created by the password reset process creates a pain point for users. The Incognia Mobile App Friction study found that the majority of mobile apps, 26 out of the 27 apps tested, still rely on passwords as the primary form of authentication, with one time password (OTP) as the most common MFA method, used in 17 of the 27 apps tested, even though NIST’s identity guidelines consider out-of-band authentication over SMS a restricted channel due to security concerns.
The average time required to reset a password was 1 minute and 12 seconds for the apps in this study.
“Resetting a password on a mobile app is a huge waste of time and can greatly impact customer satisfaction,” said André Ferraz, founder and CEO of Incognia. “This is especially important for fintech companies, whose customers seek to simplify their finances and lives. Incognia’s zero factor authentication offers the opportunity to remove both the password and password reset process for the vast majority of users.”
The data gathered during the analysis of each app was used to create the Incognia Password Reset Friction Index. The Password Reset Friction Index provides a measure of how much friction users must endure to reset a password to regain access to their account. The lower the Index, the better the password reset experience. The Password Reset Friction Index accounts for the following factors:
- Screens: The number of screens presented to the mobile user, counting from the screen immediately after clicking “forgot my password” until success of the process is acknowledged.
- Fields: The number of fields the user has to fill in to reset their password.
- Time: The amount of time the whole process takes to complete a password reset. Since elapsed time is a strong indicator of friction, time had a double weighting in the calculation of the friction index.
Key data points from the report include:
- Lowest Password Reset Friction: Klover had the lowest Password Reset Friction overall and for financial services/banking apps. eToro had the lowest Password Reset Friction among investing/trading apps.
- 4.6 screens: Average number of screens required to reset password.
- 4.2 fields: Average number of fields required to reset a password.
- 1 minute and 12 seconds: Average time it takes to reset a password. Klover and Varo tied for the shortest password reset time at 29 seconds.
- 26 out of 27: Apps using password-based login as their primary authentication method for financial services, despite low security and high friction.
Incognia’s zero factor authentication is a method of authentication particularly well suited to mobile since it uses network, device, and location sensor information from the mobile device to silently assess risk during login and other sensitive transactions. With the sharp increase in mobile app usage, Incognia’s zero factor authentication solution – which leverages analytics, passive behavioral biometric methods, and contextual data – allows for an alternative, highly secure, and frictionless form of authentication for the vast majority of low risk logins to mobile apps.
Download the Incognia Mobile App Friction Report - Login Authentication and Password Reset here: https://www.incognia.com/resources/mobile-app-friction-report-login-authentication-password-reset
1 Gartner, Transform User Authentication With a CARTA Approach to Identity Corroboration - 2 April 2020 Ant Allan, Jonathan Care
Incognia is a privacy-first location identity company that provides frictionless mobile authentication to banks, fintech and mCommerce companies, for increased mobile revenue and lower fraud costs throughout the customer journey. Incognia’s award-winning technology uses location signals and motion sensors to silently recognize trusted users based on their unique behavior patterns. Deployed in over 100 million devices, Incognia delivers a highly precise risk signal with extremely low false positive rates.
Incognia is privately held and headquartered in Palo Alto, California with teams in New York and Brazil.
Madeline Kalicka, Karbo Communications for Incognia