Manuela: I believe making two-factor authentication optional is a no-go; authentication should be an intrinsic part of the customer journey. If it were on by default, two things would happen: one, more users would have it on; two, brands would really consider, from the get-go, the usability of two-factor authentication and how they could make it easier.
Currently, many brands are not very context-aware about how they integrate authentication measures, often resulting in broken user experience.
For example, when a user tries to change her account profile on your mobile app, but can’t remember her password, you pretty much know the user is on her mobile device, most likely a mobile phone these days, which means a phone-based authentication method, such as phone number information and 2FA SMS, might be a better choice, rather than sending her an email.
With changes ahead and new innovative products to market, it’s critical for the industry to address one of the most pressing issues of our time: balancing usability and security to protect our consumers, employees, networks and brands.
How can brands compete on usability while maintaining an excellent level of security?
Isaac: I agree with Manuela that this is a false dichotomy. Security and usability go hand-in-hand. At the earliest possible stage of product development, brands should identify security goals, and of course I think more brands should strive for excellent security. Once security goals are set, the team should identify system requirements to implement those goals, but when it comes to user experience, don’t just “make do” with typical approaches. Explore the design space hand-in-hand with security experts to reduce friction in security processes just like every other process. For instance, make enabling 2FA the easy option; explore alternate methods like geolocation, biometrics, and push-based login; encrypt data by default; design user visibility and privacy in from the ground up. In the end, the product will be both more usable and more secure.