B2B identity marketing has a bad habit of overselling and under-describing. After meeting with several different vendors, you might feel like you met with the same company every time — even though there were technological differences between them. Unfortunately, they either wouldn’t or couldn’t clarify how their offering is actually different from competitors because they relied on a buzzword-centric vocabulary.
This problem stems from three root causes:
The buzzwords they use paint a confusing picture of the identity landscape, one where you’re not quite sure what you’re getting into until two phone calls and a Zoom meeting later. And even then, it can be unclear how one vendor compares to another.
Transmit Security doesn’t make you play buzzword bingo, and we reject the lack of precise language in our marketplace. Instead of dropping vague terms to confuse or convince, we’re going to clarify our perspective and provide insights in the market. Let’s start by dissecting one of the most common culprits: “passwordless.”
What they mean: It’s only passwordless for those who have the mobile app, use OTPs or magic links, ultimately resulting in “passwords in disguise.” There’s also what we call convenience biometrics, which are surface-level “passwordless” solutions that use fingerprints or face scans — but actually fall back on passwords.
With the solutions above, users still have to create a password at registration, which can lower account opening rates up to 10%. It also means they store customer credentials (which can be stolen), and they likely use them for account recovery, which is most fraudsters’ preferred entry point.
If your user has truly forgotten their password and needs to reset it, this negatively impacts their experience. Meanwhile, it erodes security because your users can have their passwords stolen or guessed. If a customer reused a breached password at your business, the bad actors can access your customer’s account without any obstacles.
What we do: Customers don’t need a password anywhere because of our unique ability to use the native browser or your brand’s app as an authenticator. With our ability to transfer that trust to new devices with or without an app, we make it possible to register without a password and never use one throughout the entire user lifecycle.
Simply put, if your user doesn’t want a password, they don’t need one. Other companies often end up with a “password in disguise,” meaning a password shows up when they switch devices, lose their device or need to work in different software environments (i.e., Microsoft vs. Apple) affecting security and user experience. With Transmit Security, that’s never the case.
What they mean: Standards-based identity with a frontend of passwords or 2FA — usually SMS or email OTP. This is widely known to be insufficient for security, although it’s better than nothing.
What we do: Starting with our approach to the term “passwordless” above, we’re helping companies and their users eliminate passwords. However, we know that going 100% passwordless may not be possible for all businesses right away.
That’s why we leverage account protection analytics to monitor hundreds of risk signals in real time for those customers who are not quite ready to move to passwordless. Simultaneously, the mere option of passwordless login gives us greater confidence in user trust, or greater assurance, providing a tailored experience. This means we can both increase the quality of step-up authentication while lowering friction.
Every user can benefit from passwordless authentication and the Transmit Security CIAM Platform, even those who don’t immediately adopt a password-free experience.
What they mean: Multi-step, traditional 2FA. This is password reinforced with an OTP or authenticator app. These old methods are intrinsically vulnerable to attack, and they negatively impact the user experience. Moreover, they tend to require a complex opt-in process that typically keeps adoption under 25%.
What we do: Single-step passwordless MFA that simultaneously secures and improves the user experience. Meanwhile, we safeguard and modernize traditional MFA for the handful of users that need it. We’re seeing up to 91% adoption of our single-step MFA with our most successful deployment strategies. A user only needs to select “Sign In,” scan their face or finger, and they’re back to shopping or enjoying your services.
What they mean: There’s less friction because customers use one username and password across apps, but the user can easily forget the password or abandon registration. Depending on the industry, this means abandoned purchases and carts, lost customers and missed insights.
What we do: Provide an email, tap your finger or look at your camera, and you’re in.
What they mean: Similar to the above issues with “Passwordless,” “ MFA,” and “Frictionless”: it’s an email plus a password or “passwordless” approach, which causes issues when switching platform ecosystems, devices or channels. This may actually hinder registration because they take more steps than a simple password might. Lastly, the vendor/solution might eliminate some surface-level friction while increasing it in other areas — like account recovery.
What we do: Enter an email, then click or tap twice. That’s it.
What they mean: Compromise on security to offer better experience, or vice versa. Most users don’t like sacrificing one to get more of the other. Do they want to be anxious that their account isn’t secure (e.g., not opting in to MFA), or would they rather be forced to enter a passcode or download an app, which slows them down? Faced with two poor options, they may just drop off.
What we do: We don’t balance or compromise. You can improve security and user experience at the same time. The same design philosophy underlies both: better experience through better security, and vice versa.
What they mean: I want your “Zero Trust Budget.”
What we do: We don’t try to grab your attention with buzzwords, so you won’t catch us on this bandwagon. We acknowledge that identity is an element of a Zero Trust Framework, but we’re not in the business of overstating its importance — or convincing you that you need to spend more for less.
What they mean: You can use one password, no matter the channel. Unless it’s non-digital, like a call center. In that case, you have a different experience altogether. With some, you get passwordless and FaceID. Others might have you log into the mobile app, but not the browser. With others, you get access in the browser, but not across platforms (e.g. Safari on Apple or Chrome on Microsoft/Android).
What we do: Provide a unified experience regardless of the device or channel, even non-digital ones. Your users can have the FaceID mobile app login experience anywhere: at registration, in a mobile browser, in a laptop browser, on a television or living room device, in the contact center and just about anywhere you can imagine.
What they mean: “We’re the best, how could you not work with us? We’re going to ‘prove’ this with a lot of buzzwords instead of tangible differences and real outcomes.”
What we do: We excel at what we do, and we know where we stand. We’re transparent about what we’re not, and you’ll be able to see this when we have our first conversation. We welcome any comparison because we’re confident in our approach and appreciate the opportunity to earn your business.
Bottom line: hearing these buzzwords should be red flags, but it’s also an opportunity to ask questions. If a salesperson says they offer “secure passwordless,” ask them what that means. Why is it secure? What makes it passwordless? Do they really remove passwords from the equation, or are they simply buying into the marketing speak?
A good litmus test is to point out an identity vendor’s claims look just like their competitors’: “Your biggest competitor also says they’re omnichannel. What makes yours different or better?” If they can’t answer the question, or if they’re unsure how to demonstrate their offer is superior, you might be talking to some buzzword users.
Straight talk is important in this industry, and not just because it shows you know your product. It demonstrates respect for your customer and confidence in your ability to do the job. Don’t be afraid to challenge salespeople who seem like they’re pulling the wool over your eyes. While they may have bought into the buzzwords, it’s worth your time (and your budget) to set the story straight.
Challenge us, too. Demand honesty, but more importantly, only work with an identity vendor you can trust.