News and Insights

Are we overcomplicating authentication?

October 4, 2024

This month, many technology providers and their communications teams are focused on one important task – teaching people how to keep their data and online assets secure.

Cyber Security Awareness Month is our annual reminder to tighten the locks on our increasingly digital lives. Yet, as we focus on raising awareness, authentication is one of many areas becoming a bit problematic.

PR’s balancing act

We’ve come a long way from the days of simple passwords. Now, we’re navigating multi-factor authentication (MFA), social sign-on, single sign-on, biometrics and other passwordless systems designed to keep our data secure. But in our efforts to promote the latest tools and technologies, have we made the whole thing too complicated for the average user?

This month is the perfect opportunity to stop and think about how we’re communicating authentication –

and how we advise the clients we work with. The balance between strong security and a smooth user experience has always been tricky to achieve, but as PR and marketing experts, it’s our job to bridge that gap. After all, for any authentication solution to work, everyone must be firmly on board.

Old habits die hard

Despite all the warnings from communicators like us, people still rely on weak passwords and even reuse them across different accounts. It’s human nature. Users don’t want extra steps in their daily lives – and when authentication is perceived in this way, they will take the path of least resistance, even if that path is risky.

It all comes down to our desire for simplicity in a world where, for some, security protocols can feel like navigating a virtual escape room. In a recent global survey, our client Yubico found that 39% of consumers still believe a username and password is the most secure method of authentication. Perhaps more worrying, just 22% use mobile authentication apps for personal accounts, with that falling to 21% for work accounts.

Security fatigue is real, and if we’re going to help our clients break through, we need to take it seriously. No matter how polished our media relations skills are, if users don’t understand or are overwhelmed by the tech, it’s a losing battle.

Outcomes – not jargon

It’s easy to fall into the trap of over-explaining the technical bits of security, but most users don’t need to know the ins and outs of time-based one-time passwords (OTPs) or encryption algorithms. They just want to know how these things help them. We need to focus on real-world outcomes, not technical jargon.

People want to know what’s in it for them – so ‘’MFA makes your bank account much harder to hack’ is a solid starting point because staying secure without extra hassle is a benefit anyone can appreciate. The same goes for passwordless systems. People are done with managing (and remembering) multiple unique passwords, so the message here should speak to that frustration – ‘no more forgotten passwords, just instant access’.

The easier we make it sound, the more likely they are to engage.

Learn how to resonate with both businesses and consumers

Yes, passwordless technology is a game changer, but it’ll only work if everyone gets on board – from businesses to individual users. It’s not enough for a company to implement passwordless systems if its employees or customers don’t see the point. If even one part of the chain resists, the whole system could fail. Successful adoption depends on consistent, user-friendly narratives that drive home the specific benefits for everyone involved. So, while our remit may be B2B, we need to create communication strategies that cater to both businesses and consumers.

For businesses, the focus should be on how these technologies improve security and cut costs. Less time spent resetting passwords means less strain on IT teams, and fewer breaches mean fewer financial hits. When our messaging offers a solution that improves security while also improving the bottom line, businesses are far more likely to take it seriously.

For consumers, it’s all about convenience. People want their online experiences to be quick and hassle-free, so our messaging should tap into that desire for simplicity. By making the user experience the focal point, we can drive higher engagement.

Keep things simple

The golden rule? Keep it simple. Overcomplicating the conversation or over-explaining the solution turns people off. The more straightforward we can make our messages, the more likely people are to engage with the next generation of authentication tools.

This means stripping back the buzzwords and telling simple stories where ease, safety and convenience are the main characters. Focusing on real-world benefits can help users feel empowered, rather than exhausted, by any new technology – and once that confidence is there, adoption will follow.

This month, we should all ask ourselves two questions: are we overwhelming our audiences with technical details? Do our key messages make the benefits relatable and easy to understand?

Stronger security doesn’t have to mean added complexity, so let’s make sure we’re keeping things as simple as possible.

FINN Partners helps clients with communications for a high-tech world. Find out more.