Author: Dor Shany

How passwords can jeopardize revenue and security for businesses

What do “123456”, “password” and “iloveyou” have in common? They are among the most used, most predictable, and ultimately most hacked passwords worldwide – and a real threat for users and businesses alike. Weak, stolen or reused passwords cause 81 percent of data breaches. Those leaks are not just a vulnerability to businesses but also threaten security and revenues. And still: In order to access the full online experience on a vast majority of websites and online services, users are required to create an account – which is cumbersome and requires yet another password to manage. Many users already jump off at this point.

SAP Customer Data Cloud data shows that only a fraction of site visitors end up registering online, and on average 17 percent of users need to reset their password on almost every subsequent visit. This not only has a negative impact on the customer relationship but also puts pressure on customer service: According to a Forrester Report, 25 to 40 percent of all help desk calls are due to password problems or resets. Contacting customer service means additional effort for the customer – an extra mile not everyone is willing to go. In fact, 28 percent of US users responded in a recent study that they abandoned their online shopping cart during checkout because they had to create an account to complete their purchase.

 

Transforming identity management  

How can businesses provide a frictionless user experience on their websites, online shops and apps, whilst saving costs and improving security? SAP’s employee-led venture OwnID by SAP aims to transform identity management with decentralized, portable identities. Just like a key unlocks our home, a user’s phone becomes a digital key to unlock the websites and apps we visit every day. OwnID was founded in 2019 by Rooly Eliezerov and myself and selected to receive funding in the SAP.iO Venture Studio. Its vision is to change the mechanism of online logins and lead the next step of digital identity ownership.

 

How OwnID works  

Websites and apps can add OwnID’s “Skip the Password” capabilities to offer users a multi-factor authentication login option with their phones instead of choosing another password. “People forget passwords, but rarely forget their phones”, explains Rooly Eliezerov, President of OwnID. “When users log in to a website with OwnID, passwords are no longer necessary”.

Instead, identities are encrypted on the user’s phone. The phone’s biometric lock mechanism, like Face ID, Touch ID or fingerprint, coupled with FIDO2/WebAuthn, is used as a second authentication factor to validate the user and protect their identity right at login. FIDO stands for “Fast IDentity Online” and is an authentication standard that enables simplified login to devices and web services – without having to sacrifice a high level of security. OwnID and third parties do not have access to any data. Websites that already use SAP Customer Data Cloud (formerly Gigya) can enable OwnID with one click. Others can implement OwnID using a step-by-step guide without writing a line of code.

 

Putting users in control of their data   

While one single entry into the digital world is convenient, security and privacy concerns slow down widespread adoption. With the rise of the digital economy, retailers, authorities, or banks have turned into identity management organizations, responsible for storing and protecting large amounts of sensitive personal data like social security numbers. Unfortunately, as massive data breaches like the one at Equifax in 2017, which exposed the personal information of 147 million people, have shown, not all of them were equipped for this new role.

Decentralized identity puts the power and responsibility back in the hands of the individual, enabling them to control and protect their own personal data. With solutions such as OwnID, lock up takes place in decentralized ledgers which are not controlled by any organization or central institution, and cannot be tampered with. Remote hackers might gain access to pieces of personal information, but proving an actual identity and logging in to a website would require the physical device of that person. But when a user’s identity is encrypted and stored on their phone, what happens when the phone is lost or stolen? With OwnID, users provide their email address once they have a new phone and receive a magic link via email. This link allows them to log in directly when clicking on it – similar to a one-time-use code. The thief won’t be able to use the phone to log in to a website since a user’s identity is protected by the phone’s unique lock mechanism.

 

First step towards self-sovereign identity   

Decentralized solutions like OwnID pave the way towards a self-sovereign identity (SSI). Based on blockchain technology, SSI provides clear transaction documentation and allows the validity of credentials to be checked at any time. The decentralized structure of blockchain and the open-source design of all software components underline availability and independence. The user gets a seamless, password-less user experience and has full power and authority over their digital identity, personal credentials, and data without any centralized components.

For enterprises, there is an equally heavyweight opportunity to take identity management to the next, future-proofed level. SSI offers significant advantages over traditional identity management. This includes immediate access to SSI-enabled applications; unprecedented flexibility, since credentials can be created, assigned to anyone, and revoked as needed regardless of organizational affiliation; and security as well as true privacy by design.

While it will take a couple of years for SSI to mature and gain wider adoption, we believe now is the time to get involved and contribute to shaping the technology. The future of hyper-personalized user experiences with minimal disclosure of personal data and a fully owned digital identity starts with solutions like OwnID.

To learn more about OwnID, visit the new developer’s guide and documentation portal at https://www.ownid.com


      1 Comment
      K Anandh

      Hi Dor Shany

      Good to read your blog.

      Some time back, SAP.iO promoted BigID. How is OwnID different from BigID? Any idea, or do they complement one another?

      Thanks & Regards