Usernames and passwords: everybody hates them

"Many Americans would rather clean toilets than try to come up with a new username or password for sites requiring online logins, a new study shows."* 

Protecting confidential information within biller self-serve websites through enrollment, and the choosing and remembering of a unique username and password is a process that is universally hated by consumers. So, the question is: if everybody hates it, why is it still so prevalent?
 
As a test, I called up my utility, my insurance company, my bank and my credit card provider: Each time I was asked one, two or three very simple questions to ascertain my identity. I was then allowed full access to my account information. If I can do this over the phone, why can’t I do it online?
 
Delta is the only website I know of that had this very convenient way to access my SkyMiles account and I never had any trouble logging in. Recently they too moved to usernames and passwords. I have since reset my password three times and called them twice because I forgot one or the other. It’s been a lousy experience for me, and one that has already cost them more than $50 in customer service.

Enrol online and you assume all the risk
In all instances the biller knows enough about their customers to eliminate the need for usernames and passwords. Instead, billers could present a set of questions based on customer's personal information, known to both parties (referred to as shared secrets) – such as partial social security or credit card number, date of birth or a combination of these. The less sensitive the information being accessed, the less stringent the questions can be. A utility and a credit card provider would have very different levels of questions.

So why do most/all billers still request usernames and passwords?  The answer is in liability. The biller is passing the ‘risk’ of transacting online onto their consumer. 

Consumers inevitably use the same usernames and passwords as often as possible and in many instances they are so simple that they can be guessed or hacked with ease. Thus this process is simply not secure. Research published in Digital Journal proves this:  ‘Password’ is the number one chosen password and ‘123456’ is the second. The biller allows this, as they have passed the onus onto the consumer to create good passwords.

There is also massive cost to the biller: Forgotten passwords and other password related problems are the second most common help desk call. (According to Forrester Research, the average cost of a help desk call is about $25.)

In summary:

1. Customer created usernames and passwords are not secure
2. It’s a terrible customer experience
3. It’s costly for the biller
4. It’s high risk / not secure for the customer

There has to be a better way. There is a better way:

It’s time to eliminate usernames and passwords forever! You can do so while maintaining the appropriate levels of security, and delivering the best possible customer experience.