Building Consumer Trust: 4 Challenges to Offering Secure User Authentication

No brand can be successful without customer trust. But as organisations handle and store more customer data than ever—data that’s increasingly targeted by cyber criminals—that trust is harder to earn and even harder to keep.

In my previous post, I discussed the various stages of the customer journey that are crucial to building and retaining user trust. This post will focus on one of those stages: Authentication. Let’s take a look at the challenges that businesses face when it comes to deploying secure authentication and explore the identity tools that can make it easier.

1. The security challenge

As technology develops and enables businesses to better reach their customers, the threats that impact cyber security develop too. Users now have hundreds of accounts across various providers, and that makes them particularly appealing to hackers who want to access their personal information. That’s why we’re seeing an increase in credential-based attacks like credential stuffing and phishing—and bad actors are refining their approaches, employing machine learning to learn more about their targets and craft more compelling messages to trick users into sharing their credentials.

To maintain user trust within this threat landscape, companies need to implement secure authentication across all of their systems—including those that are on-prem. Many organisations still rely on on-prem applications, but they often don’t implement the same level of security that they would for their cloud-based counterparts. Whether they realise it or not, these companies are often using weak authentication infrastructure, making it all too easy for hackers to access user and organisational data, putting both employees and customers at risk.

To prevent these threats, companies need to deploy identity-centric solutions like Okta Access Gateway that span their entire cloud and on-premises environments, providing the same modern authentication tools to all applications.

2. The business challenge

As customer expectations continue to shift within a dynamic digital landscape, businesses need to be able to meet the evolving needs of individuals and other companies. They should also be able to actively participate in the collaboration economy that has emerged with APIs. Secure authentication is crucial to success in both of those areas.

Omni-channel experiences:

When it comes to authentication, customers expect businesses to be able to authenticate them across multiple devices, allowing them to seamlessly access services from anywhere, at any time. That means companies need a single source of truth that effectively validates the user across various channels, be it on a web browser, mobile, or in-person.


The growth of the API economy has given businesses the unique opportunity to have other companies adopt their technologies within their own platforms—leading to more customers and more revenue. But this brings its own set of identity challenges. In order to ensure secure authentication, companies need the infrastructure to track their API footprint and have clear visibility into who has access to their APIs.

To help address this challenge, solutions like API gateways and API access management are key to better protecting proprietary technology once it’s in the marketplace.

3. The application architecture challenge

Another shift in technology development is the move towards microservices architecture (MSA). Because of the nature of microservices, there’s an added need to ensure secure authentication is active across various disparate components. Developers need to be able to incorporate identity and security into their applications from the outset, employing tools like API gateways and strong authentication protocols like OAuth 2.0.

To get started, companies should have a clear picture of where they stand from a security standpoint. The OWASP Software Assurance Maturity Model (SAMM) offers a practical framework for assessing this and is easily embedded into the software development lifecycle. This can then be complemented by solutions like Okta’s CIAM products, which centralise microservice authentication, authorisation, and user management, reducing the onus on developers.

4. The regulatory challenge

Recent regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are repositioning how companies think about customer data. There are now added considerations around how companies store and share this information, and that needs to be factored in at the authentication stage. As such, companies need to deploy an identity-focused approach to authentication that keeps bad actors out and protects the customer data they host. These authentication capabilities should work hand in hand with a flexible identity platform that integrates with specialised privacy solutions, allowing businesses to select best-of-breed vendors that support compliance.

Build customer trust with secure authentication

Secure authentication is a must when it comes to fostering customer trust. To tackle the common challenges to establishing secure authentication, companies need to consider an identity-centric solution that covers all their bases and helps them address their evolving customer, security, and regulatory requirements.

For more information about Okta’s secure authentication capabilities, check out the following resources: