In today’s digital landscape, offering only one sign-in method, such as a username and password, is no longer sufficient to meet the diverse needs and expectations of users. As technology evolves and global markets expand, it’s imperative for websites and apps to provide multiple, secure, and convenient login options. By doing so, businesses can enhance user experience, improve accessibility, and strengthen their competitive position. In this blog post, we’ll explore the numerous benefits of offering alternative login methods, from wider device support and increased security to enhanced user satisfaction and operational efficiency.
Providing alternative login methods has many benefits for users and online service providers:
- Wider user reach
Different regions, countries and user groups each have a preferred way to log in to consumer or business services, for example BankID in Scandinavia, the Finnish Trust Network in Finland, LINE in Japan or WeChat in China. Not offering the services common in the regions your users come from can limit service adoption and sales.
- Protection from lost sales and lost business
The inability to log in, for whatever reason, technical or not, creates user frustration, delays and often lost business. For an end user it can be easier to log in to a competitor’s service than to work out why login to yours is failing. When passwords are forgotten or text messages never arrive, having alternative options on offer increases the chance of the user signing in without further assistance. Just as online shopping carts are abandoned when payment services are too difficult to use, users who can’t log in never get a shopping cart in the first place.
- Operating cost management
Some third-party authentication services add significant operating costs as the number of login events grows. Costs associated with an identity provider service are easier to negotiate when alternatives are already available. Where there are multiple authentication options, they can be presented in an order that encourages selection of the most cost-effective one.
- Technical redundancy
Imagine that the authenticator app or email client you use keeps crashing after an unexpected mobile operating system update. Unable to tap a notification or obtain a generated one-time password, you are locked out of your account. Sometimes login systems are down for maintenance, upgrades, network issues or unforeseen difficulties. In these cases, choosing the button to sign in with an alternative provider is faster and easier than contacting support. Users solve their own login problems without any support burden and its related costs.
- Wider end-user device support
Providing only “Sign in with Apple” or “Sign in with Google” makes things difficult if the user ever leaves the respective Apple or Google ecosystem, even if your app or service targets users of one platform only. Some organisations have policies that forbid employees from using non-corporate login systems for business use. Users could be shut out of their personal information or historical records. Supporting multiple sign-in methods lets users securely access their data when they change devices or operating systems.
- Dealing with life’s little surprises
Consider the situation where an SMS one-time password is the only MFA option, but the SMS never arrives: network failure, being out of range, a flat battery, a broken screen, a lost or misplaced phone, or a subscription halted over an unpaid phone bill. Having another way to sign in covers these cases.
- Improved accessibility
For users with disabilities, being able to use the authenticator or identity provider of their own choice can let them access online services without assistance. Different authenticators suit different users, and some do not work at all for parts of the user community.
- End-user device compatibility
Smartphone authenticator applications may be available only in certain app stores, be region locked, or be incompatible with devices in the field running older operating systems.
- Helping to avoid unwanted surveillance
Repeatedly logging in via the same identity provider lets that provider track a user’s behaviour closely across services. By using different providers, or choosing authentication methods that are not inherently traceable by third parties, users can choose freely to protect their own privacy.
- Avoiding identity provider lock-in
If there is a data breach or other security event at an upstream identity provider, immediately disabling it is the fastest way to avoid collateral attacks. Disabling a provider is easy when many alternatives remain available. Service continuity requires planned, ready-to-go contingencies; identity providers can also cease operating at short notice for commercial or legal reasons. Do not keep all your eggs in one basket: diversifying the range of sign-in options mitigates the risk of any individual solution failing.
- Meeting compliance requirements
Depending on the nature and jurisdiction of the application, and where sensitive, private or personal information is processed, compliance with the relevant security, privacy and usability legislation is mandatory. Different types of transactions may require different authentication techniques mandated by legislation, and that legislation changes over time. Being able to add and change authentication methods easily makes staying compliant easier. A good example is the European Digital Identity Framework, which will see digital identity wallets rolled out to European citizens in the coming years; public sector services and certain industries will be required to accept sign-in with these wallets.
- Ready for the future
Technology and legislation are changing at a rapid pace, and authentication protocols, products and techniques adapt to those changes. Being ready for new trends and shifting user expectations around sign-in requires that applications can easily add, remove or change the sign-in methods offered. Adding newly emerging biometric authentication, methods based on quantum-resistant cryptography or AI-supported authentication tools should be a matter of reconfiguration rather than application redesign.
Designing and planning for multiple sign-in methods with best practices
Fortunately, many commercial software applications today are designed to support externalised user authentication and authorisation. These applications can be configured to connect to an Identity Provider Broker, hosted in the cloud or run on-premise. This Identity Provider Broker, or IdP Broker for short, is responsible for secure communication with the various identity services and authentication methods: it presents the list of login options and contains all of the complex logic needed to integrate with those methods and services.
When planning the design of a new online service, the product manager, architect or product owner should insist that user authentication is performed outside of the application itself. This is variously called single sign-on (SSO) support, federated identity support or externalised identity, or referred to by the names of the related protocols: OAuth 2.0, OpenID Connect or SAML. It accelerates product development and simplifies the logic of the online service, which then only has to validate the tokens or assertions the broker hands it rather than implement each sign-in method itself.
Even older, legacy applications and services can be modified to replace built-in authentication with externalised authentication through minor application changes.
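To make the externalised pattern concrete, the following is an added example of the relying-party side, written for this page rather than taken from Ubisecure's software or the original post. The application trusts exactly one issuer, the IdP Broker, and never talks to BankID, Google or any other upstream provider itself; all it does is validate the OpenID Connect ID token the broker returns. The example assumes a broker that signs ID tokens with HS256 using the client secret as the key (permitted by OpenID Connect Core for confidential clients; production brokers more commonly use RS256 or ES256 with a published JWKS), and a hypothetical broker claim named `idp` that records which upstream provider the user actually signed in with. That claim is what lets the operator switch off a breached or discontinued provider from the application side as well, as the lock-in point above recommends. The issuer URL, client ID, secret and token contents are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed configuration for the example; a real deployment reads these from config.
BROKER_ISSUER = "https://broker.example.com"
CLIENT_ID = "my-online-service"
CLIENT_SECRET = b"constructed-client-secret-do-not-reuse"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_broker_id_token(claims: dict, secret: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Build a compact JWS the way the broker would. Used here only to construct
    sample input; a relying party never mints ID tokens itself."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    if alg == "none":  # an unsigned token, as an attacker might present it
        return f"{header}.{payload}."
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


class IdTokenError(ValueError):
    """Raised when an ID token must be rejected."""


def verify_broker_id_token(token: str, *, expected_nonce: str,
                           disabled_idps: frozenset = frozenset(), now=None) -> dict:
    """Validate an ID token from the broker and return its claims.

    Checks, in order: structure, pinned algorithm, signature, issuer, audience,
    expiry, nonce, and finally the hypothetical "idp" claim against the set of
    upstream providers the operator has switched off.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # The accepted algorithm comes from our configuration, never from the token's
    # own header; this blocks alg=none and key-confusion tricks.
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise IdTokenError("unexpected signing algorithm")

    expected_sig = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise IdTokenError("signature does not verify")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != BROKER_ISSUER:
        raise IdTokenError("issuer is not the configured broker")
    aud = claims.get("aud")
    if not (aud == CLIENT_ID or (isinstance(aud, list) and CLIENT_ID in aud)):
        raise IdTokenError("token not intended for this client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise IdTokenError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise IdTokenError("nonce mismatch (possible replay)")
    # Hypothetical broker claim: which upstream provider performed the login.
    if claims.get("idp") in disabled_idps:
        raise IdTokenError(f"upstream provider '{claims['idp']}' is disabled")
    return claims


def login_outcome(token: str, **kwargs) -> str:
    """Return "ok" or the rejection reason; handy for audit logging."""
    try:
        verify_broker_id_token(token, **kwargs)
        return "ok"
    except IdTokenError as exc:
        return str(exc)


if __name__ == "__main__":
    now = int(time.time())
    # Constructed token as the broker would issue it after a BankID login.
    token = mint_broker_id_token({"iss": BROKER_ISSUER, "sub": "user-42", "aud": CLIENT_ID,
                                  "iat": now, "exp": now + 300, "nonce": "n-1",
                                  "idp": "bankid", "groups": ["finance"]})
    print(login_outcome(token, expected_nonce="n-1"))
    print(login_outcome(token, expected_nonce="n-1", disabled_idps=frozenset({"bankid"})))
```

Because the application only ever validates the broker's token, adding or removing an upstream provider is a broker configuration change, and an emergency disable is a one-line change to `disabled_idps` (or, better, to the broker itself) with no application redeploy. The `groups` claim in the sample token is the hook for the team and organisation features discussed in the next section.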
Supporting multiple sign in methods is a first step
Once authentication has been externalised and multiple sign in methods are supported, this opens the doors to other powerful functions that can enhance user experiences:
- Support for teams and groups
An external identity provider can also tell an application about an individual’s membership of an organisation, be it a company, team, club or family. This enables convenient sharing of information and responsibilities within an online service.
- Cross-organisation collaboration and information sharing
Sharing is not limited to your own organisation: information can be gathered from or distributed to users at other organisations, such as partners, suppliers, customers and sub-contractors. An application integrated with an externalised identity management system gets access to these rich connections and permissions without building them all into its own service.
- Performing tasks on behalf of someone else
Often the person using an online service is acting on another person’s behalf: a consultant helping a client get things done, an adult acting for an elderly parent, or a care-giver assisting a person in need. This should not be done by sharing sign-in credentials, but by authorising the other party to perform these tasks.
- Performing tasks on behalf of another organisation
In business, outsourcing certain functions to another organisation is commonplace. These partners need access to the client firm’s information and to the tools provided by online services. This can be achieved through externalised authorisation.
Do you need help adding more authentication and authorisation options to your online service?
Ubisecure offer software and services to allow your customers to sign in using the authentication method that they choose, from a range of options that match your security choices. Different ways to sign in can be added or removed as requirements and markets change. Support for teams, groups and on behalf of use cases can be added to new and existing services. Contact Ubisecure today for more information and a no-obligation demonstration.
About The Author: Keith Uber
Keith is VP Customer Success at Ubisecure.
His specialities include: Identity and Access Management, identity federation, authorisation, access governance, authentication policy and technology, and privacy.