Personal Woes of Two-Factor Authentication

Dust off that PC . . . and that authentication?

This past weekend, my buddies in Europe organized a night of online gaming. It had been over a year since I last played with them. Did I stop to worry about authentication? Heck no. I fired up my dusty PC and launched a leading distribution platform for PC gaming.

Problem was I forgot the password to my account and was locked out for an unknown amount of time. This was absolutely frustrating since there was no “Reset Password” button. I had only two options: 1) Launch the mobile authenticator and provide the generated code, or 2) Contact customer support and expect a response within the next 24 hours. Option Two was not viable since I was online at that time to game with friends who were already 5+ hours ahead of my Eastern time zone.

Overcoming unnecessary friction

The nightmare ensued after I clicked Option One. “Please launch your mobile authenticator and provide the generated code.” I went through my phone and found the app, launched it, and realized I may have lost access to my account with hundreds of dollars worth of games.

The mobile authenticator did not work because the account was tied to a British mobile number and device I had years ago. I have a USA mobile number now so an OTP sent to my disconnected British number was of no help.

I was locked out and didn’t know how I was going to authenticate to my account. That is an awful feeling that no customer should experience. And yet you're all nodding along because you've been there.

I spent the next hour digging through storage boxes to find my old phone, praying that the mobile authenticator app was still on it. I fired it up and found I had 1% battery left. I frantically found the mobile authenticator and tried to login. I was faced with an error message, “Too many failed login attempts have been made from your network. Please wait for a short time before trying again.” Authentication denied. At least for a short time.

What is the definition of a short time and how long did I really have to wait? Apparently it meant thirty minutes - and after nearly two hours of heart palpitations and rummaging through cardboard boxes - I was finally able to login.

What’s the takeaway?

Security is meant to protect . . . but it shouldn’t be the reason the customer is locked out of the services they pay you for and then left stranded. Had I been given more options to authenticate besides a mobile authenticator app, I would’ve saved time, headaches, and been able to join my friends much sooner. I'd feel more incentivized to be a loyal customer had my login journey been user-friendly and intuitive instead of the mad scramble that it was.

It’s the 21st century. Let’s give customers the intelligent login technology they deserve. If you invest in them, they’ll invest in you.

For more information on how you can improve the login experience for your customers, check out our Intelligent Authentication video playlist here.

Who Is Lani Leuthvilay?

Who’s Lani? Lani is a Solutions and Product Marketing Manager here at ForgeRock. She listens to customer needs and makes sure our product capabilities shine bright enough so customers can find them. Want to hear more from Lani? Check out her blog posts, or perhaps invite her over for dinner; she makes a mean pork chop.

Recent Posts:

Privacy and Access Management: Insights from Michael Chertoff

Former DHS Secretary Michael Chertoff Talks About Privacy and Access Management at Gartner’s US Security & Risk Summit

On Tuesday morning at the Gartner Security & Risk Management Summit in National Harbor, Maryland, former DHS Secretary Michael Chertoff sat

Cloud Deployment: Berlin Hosts A Workshop

Attendees at this year’s Berlin Identity Live Summit returned for a second day of talks at a second venue.

Breach Happens. Got the Right IAM?

It seems as if a week doesn’t go by without us hearing about a security breach that takes down a government installation, causes havoc among companies across an industry, or steals the private data of millions of consumers.