Perspectives

Taking the PR pain out of two-factor authentication failures

Two-factor authentication is a method of enhancing the security of web logins to your site. It separates a website login with another form of identification that a user has such as an email address or better, a mobile phone, which will presumably be in the user's possession.  If you have a website that uses it for customer-facing applications, make sure that your process is capable of managing authentication at peak times.

An example of poor management of this process is Nationwide Insurance, with whom I have personal experience. In the course of the past few months, Nationwide Insurance has twice had failures with its authentication.  This type of failure drives frustration levels up among customers because it is time wasting and that is unnecessary.  Moreover, it occurs at a time when people are parting with cash. While they are waiting - in my instance more than half an hour for two failed login attempts plus a phone call - customers are tempted to search for a competitor who wants their business.  Requiring a phone call is standard, because it enables the provider to validate the account.

b2ap3 large Clipboard01If a phone call is needed, make sure staff are well-trained and have in place a way to mitigate frustration - something Nationwide does not practice.  Having customers wait on extended hold times while trying to make what should be a quick payment is rubbing salt into the wound, especially when the customer has been compliant. 

 

Usuallly, these types of issues are systemic, so it doesn't affect just one person. Small numbers can be shrugged off, but remember the public relations cost to companies like Comcast for their 'impossible to leave' customer service or Netflix for their price change.  Multiply this kind of irritation across an affected customer base on social media and it can rapidly turn into a dip in quarterly profits. Moreover, if the missed payment deadline leads to penalties on bills and is a persistent fault, it is grounds for a class-action suit.

The simple fix is to ensure that the two-factor authentication process has enough bandwidth - plus a safety margin - to cope with peak traffic like at the end of a month or during annual registration periods and avoid PR fallout to the brand and social media staff having to put out fires.

Details
Category: Learning
Published:
Hits: 1778
Subscribe
Show comment form

From Our Blog

  • Skype's demise creates new method of spoofing and malware - malicious Microsoft Teams invites

    The demise of Skype and people switching to Microsoft Teams is producing a new wave of socially-engineered malicious activity using spoofed email meeting requests, some with attachments.

    Now that Skype has Skype has been retired by Microsoft, people who once used the voice and video platform for meetings have been told to switch to Microsoft Teams.  So instead of seeing a message notification in Skype, it is now much more common to see in your inbox a calendar notification email with time blocked out tentatively on your calendar.  Because meetings often require associated subject matter for the meeting, attachments and links are also quite typical. 

    It is both this increased frequency post-Skype, and the normality of having attachments for meetings that make them an ideal vector for malicious activity - something that is being exploited as the switchover from Skype happens. 

    Read more …

  • Ten years of working with the African Leadership Institute

    In this industry, clients often hire for a project, and when the project is done, that’s the end of the relationship. Projects can last a few weeks or months, and then it’s turned over. It’s seldom that clients develop the trust and a working relationship that lasts a decade, but it’s a milestone that’s been accomplished at Coherent Marketing.

    In 2013, the African Leadership Institute wanted to transition from a web 1.0 site to something that would better reflect the work they did in developing the next generation of world-class African leaders through their flagship programme, the Archbishop Tutu Leadership Fellowship.

    Read more …

  • Falling foul of copyright ambulance chasers

    When selecting a vendor to provide website development or digital communications, make sure that they provide services that prevent your organisation from legal action due to possible copyright infringement. More importantly, your vendor should help your organisation put in place processes to ensure you manage images and music, understand digital rights and licenses, and save the licenses for images you use.  This is true for digital content used on your website or in social media posts.  Choosing a vendor just because they had a really, really low price to produce your website - but expose you to copyright claims - becomes a quick method to discover that you get what you pay for.

    Artificial Intelligence (AI) now makes it easier for copyright trolls to threaten organisations for use of an image they have used online. Here's how to avoid that.

    Read more …