It’s no wonder that the Federal Trade Commission (FTC) logged more than 1.1 million instances of identity theft last year. This disturbing statistic underscores the immediate need for companies to make their authentication measures more robust. Businesses now must walk a fine line between security and customer experience. As authentication continues to change and grow, it’s important that businesses take a nuanced approach that weighs customer needs along with regional regulations and demands.

The Authentication Balancing Act

In the security/customer experience dichotomy, businesses are getting it wrong. In fact, four out of ten of them consider that to be the most important issue. Authentication can involve static passwords or one-time passwords (OTP). The options also include innovative solutions such as multi-factor authentication (MFA), single sign-on (SSO), and silent network authentication (SNA). Such variety reflects customers’ different needs and preferences.

Anurag Dodeja, head of product, user authentication and identity at Twilio, argues that authentication is not a perfect one-to-one fit. He illustrates the point with a personal example of traveling to Kansas City for work, highlighting the various authentication challenges one might encounter. For one user, the simplicity of OTP is enough, but the next user needs the stringency of passkeys or other leading-edge tools.

Regional requirements further complicate the landscape. Singapore’s Singpass and the EU’s Digital Identity Wallet are just two examples of highly localized authentication approaches that global businesses need to be able to adapt to. The businesses that succeed at authentication balance the needs and limitations of their customers, meeting them wherever they feel safe and secure.

Zero-Trust and Continuous Authentication

With each passing day, cyber threats are growing more advanced and more complex. To implement a zero-trust model, businesses should start by treating authentication as a continuous, risk-based process. Underlying this approach is the idea that no user or device should ever be trusted by default; each must be continually validated at every step of its interaction. Continuous authentication means passively monitoring patterns in user behavior and device characteristics to identify deviations that suggest fraud attempts.

Twilio employs various techniques to enhance security, including monitoring the IP addresses and user agent strings associated with clicks to detect and block bot traffic. The company has switched to WebAuthn as the only method of 2FA for employee authentication, enterprise-wide. These measures show a clear commitment to strong security practices.

Customer preferences are all over the map and companies need to provide a spectrum of choices to meet the diverse comfort levels of their patrons.

Tailoring Authentication to Customer Needs

The secret to getting authentication right is to consider and cater to customer priorities. Like many things in life, businesses simply need to make it available. They must offer specific instructions about how to implement each approach in an impactful way. That means making sure you’re attuned to regional standards and cultural variances.

Brands need to find the middle ground between strong security and seamless convenience in order to avoid fraud losses. Excessively heavy-handed authentication measures annoy consumers and drive them away from completing transactions. Lax security practices, on the other hand, can expose private companies and their customers to identity theft and other cybercriminal enterprises.