There is little consensus among businesses or customers when it comes to a preeminent or even preferred type of identity authentication, from passwords to passkeys to a veritable alphabet soup of other options: second-factor authentication (2FA) / one-time passwords (OTP), multi-factor authentication (MFA), single sign-on (SSO), silent network authentication (SNA).
Yet there is consensus that these tools are necessary. According to the FIDO Alliance, more than half of customers (53%) experienced an increase in online scams and suspicious messages in 2024. This was essentially fueled by SMS, email, and phone calls, and advances in AI only made things worse.
Businesses must walk a tightrope between strong security and simple convenience, perhaps at a time when fraud and related costs are still rampant (the Federal Trade Commission received more than 1.1 million identity theft reports last year alone). Over-indexing on either will lead to customer alienation; too many rings and you will lose their patience; too few, and you will lose your patience.
How do companies achieve this delicate balance and put together powerful authentication solutions?
The customer is always right
What businesses impose on employees often has a bearing on their customers when it comes to identification. We completed a company-wide mission that required us to switch to WebAuthn as the only 2FA option for employees. This “forced deployment” works when your employees don’t have a choice, but your customers do.
I recently booked a lodge for my family holiday: I visited my favorite travel website, found the ideal space, and went to make the booking. One problem: I kept getting a CAPTCHA error on their page once or twice. After the second attempt, I went back, found the same space at the same price on their competitor’s website, and made a reservation there.
Businesses can devote large budgets to top-of-funnel marketing that draws customers to their websites, goods, and services, but friction in the user experience that prevents conversion (authorization frequently serving as the initial touchpoint) wastes that money. Finding a balance between protection and the customer experience, in particular reducing friction during account signup, is one of the most pressing problems for over 80% of companies.
Consumer behavior is challenging to change, especially when it comes to adopting new technology. If it isn’t extremely user-friendly, it won’t matter whether fingerprint or public-key crypto is more secure. Why do you think so many people still rely on simple credentials (you know who you are!)? In fact, you can’t force consumer adoption; businesses that do authentication best acknowledge the needs of their customers, meet them where they’re comfortable, and understand that it can’t be one-size-fits-all.
A future based on signals
In this tug-of-war between friction and freedom, the future of authentication may be shaped more by ongoing signals than by arbitrary identification checkpoints like purchases or logins. Think of identification as a braking system, in which businesses can press or ease off the pedal to increase or reduce friction in response to customer behavior.
Say I get a 20% off notification for new rims from my regular auto shop. I’d expect a smooth login experience if I click on the notification, because they sent me the message, I’ve been a loyal client, and I’m using their app from a recognized device. Now say I take a work trip to Kansas City. If I open my computer while I’m still logged into my favorite e-commerce system, I’d expect them to log me out or request proof of identity before continuing, given that I’m in a completely different location from my past purchases.
Think of the ecosystem of applications that we log in to once and rarely (if ever) log out of, such as email, social media, home security, and streaming services. What happens if your session is hijacked or your device is stolen? Businesses must adopt a zero-trust mindset, where authentication is more than just showing your identification at the door and then being allowed to roam the club. It is a continuous, risk-based system that scales friction based on your activity.
As in so many other industries right now, AI is the issue. Earlier in my career, I created bot detection models for a startup to distinguish between human and machine behaviors. We’d keep an eye on how many clicks we received from each IP and user agent string, and if more than N were coming in a second, we’d assume it was a bot and block that traffic. As we pass the reins to AI assistants and autonomous agents to make dinner reservations, schedule appointments, or purchase movie tickets, how do you tell a nefarious bot from one working on your behalf? This is the direction authentication is heading, and it is the cutting-edge work that organizations in the field continue to lead.
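The per-second click threshold described above, as an added example (not the author's or any vendor's code): it counts clicks per IP and user-agent pair in a sliding one-second window. The function name, the constructed sample events and the threshold values are assumptions; the constructed AI-assistant client trips the same threshold as the scraper, which is the limitation the paragraph raises.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000  # "in a second", expressed in integer milliseconds


def flag_bots(events, max_per_second):
    """Return the (ip, user_agent) pairs that sent more than max_per_second
    clicks inside any sliding one-second window.

    events: iterable of (timestamp_ms, ip, user_agent), sorted by timestamp.
    """
    windows = defaultdict(deque)  # (ip, ua) -> timestamps still in the window
    flagged = set()
    for ts, ip, ua in events:
        key = (ip, ua)
        window = windows[key]
        window.append(ts)
        # Evict clicks that are a full second (or more) older than this one.
        while ts - window[0] >= WINDOW_MS:
            window.popleft()
        if len(window) > max_per_second:
            flagged.add(key)
    return flagged


# Constructed sample traffic (documentation-range IPs, made-up user agents).
HUMAN = ("203.0.113.7", "Mozilla/5.0 (constructed browser)")
SCRAPER = ("198.51.100.23", "constructed-scraper/0.1")
ASSISTANT = ("192.0.2.50", "constructed-booking-agent/1.0")

SAMPLE_EVENTS = sorted(
    [(t, *HUMAN) for t in (0, 1800, 4200)]                          # slow, human pace
    + [(t, *SCRAPER) for t in (1000, 1100, 1200, 1300, 1400, 1500)]  # 6 clicks in 0.5 s
    + [(t, *ASSISTANT) for t in (3000, 3200, 3400, 3600, 3800)]      # 5 clicks in 0.8 s
)

if __name__ == "__main__":
    for n in (4, 5):
        print(f"N={n}:", sorted(flag_bots(SAMPLE_EVENTS, n)))
```

With N=4 the heuristic blocks both automated clients, including the assistant acting for a user; raising N to 5 spares the assistant only because of its pace, not because anything established whose behalf it acts on.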
An “and,” not “or,” proposition for authentication
No single tool will ever have a majority of the market share, despite the constant evolution of new authentication techniques and the rise of regional standards like Singapore’s Singpass or the EU’s Digital Identity Wallet. Some customers will always prefer the simplicity of options like OTP, while others will demand the strictness of passkeys or other cutting-edge tools.
Businesses will continue to bear the burden of ensuring that customers have a variety of options when they choose to meet them where they are, and when they implement strategies to protect the root of each approach from smishing/phishing, social engineering, and a range of other identity-based attacks. Those who walk the tightrope between one and the other will win this authentication tug-of-war between friction and freedom, allowing their customers to have seamless, secure experiences.
Anurag Dodeja is head of product, user authentication and identity, at Twilio.