Skip to content
26 August 2020

Authentication plays a role in three business-critical phases. That’s why it matters.

Any service will benefit from well planned and executed onboarding, returning user experience and effortless payments. Authentication is something that each and every user will have to go through. But it still doesn’t receive anywhere near the amount of attention it should.


Three key moments in service use involve authentication.

This neglect of authentication is due to a variety of factors. There are those who feel that the issue is trivial and the current solutions are good enough. Draw a login screen of some kind, job done. Others may think that authentication is a regulatory or technical matter that has little attraction from a business or design perspective.

It is a common misconception that customers are especially interested in your particular service. Those who work on a service obsess about it day in day out but, in certain lines of business, customers only visit your service once or twice a year.

Examples from the travel industry

The travel industry provides an interesting example of authentication issues. There, customers typically don’t use services very often. The end result can look something like this.

These services have since been updated, so I took the liberty of using them to illustrate my point.

Login is implemented with yet another user ID. Because users never remember their IDs, there is a dedicated function for restoring them.

It’s not enough to simply log in. Users then have to dig up their booking reference before they can view the details of their trip.

VR’s old site also required a separate username subject to certain formal requirement. One more ID to remember! I think special characters were not allowed in the password either, even though this is not stated in the image.

Authentication is an integral component of the payment transaction

In addition to activating new users and making life easier for returning users, authentication is increasingly important in payments too. The PSD2 directive has increased the use of strong customer authentication or SCA in connection with payment transactions.

A bad experience in this phase quickly translates to lost business.

Avoiding the need for authentication in connection with payment transactions is a whole other issue – one whose gospel I’ve been preaching every chance I get for the last few years. Here is my previous article on the subject, and more is on the way.

In our next authentication articles, we will look at avoiding any nonsense with passwords and using cookies without being creepy. Eventually we’ll also talk about how to make strong customer authentication as tolerable as possible. Stay tuned!

Written by

Matias Pietilä

Qvik's Head of Design. A keynote speaker who also writes poetry and has mad dance moves when he lets it loose.