Delfigo Security - Strong Authentication

  • Increase font size
  • Default font size
  • Decrease font size
Home IAMblog Security Vulnerabilities When Security Drives Change

When Security Drives Change

Starbucks has apparently been storing passwords in clear text on their incredibly popular app, which features payments. In his article on the subject in Computer World, Evan Schuman writes "Starbucks could have chosen not to store the password on the phone, but users would then be forced to key in their username and password every time they wanted to use the app to make a purchase. "A company like Starbucks has to make the choice between usability to drive adoption and the potential for misuse or fraud," said Charlie Wiggs, general manager and senior vice president for U.S. markets at mobile vendor Mozido. "Starbucks has opted to make it very convenient. They just have to make sure that their comfort doesn't overexpose their consumers and their brand."

This blog has previously addressed the issues associated with balancing security and user experience, but a story like this makes it impossible not to ask: When do we push a change in user experience, in order to drive more security? The answer to this question is complex, because it involves:

  • A clear and focused understanding of the security solution that will work best for each business, their users and their needs
  • Considering the nature of what most needs to be protected, and how best to do it
  • How to implement these technologies successfully
  • How to absorb the cost and time associated with acclimating user populations to these critical features
All of the above are relevant concerns for organizations who face these issues on an ongoing basis, but none of them negate the need to implement security features, especially on apps that expose users to risk of fraud or theft of personal data. Starbucks responded to the attention they got related to their password issue by updating their app.

The time to begin updating, revamping and improving apps - so that they still benefit users in the way they do today, and so that usability and adoption remain front of mind - is now. These should be critical roadmap items across industries in 2014.