Secure "Keep Me Signed In" Experiences Are Possible

Customer loyalty is won – and lost – at login. 60% of customers admit to abandoning an account forever when they have trouble signing in. Convenience and ease of use are key, and as customer expectations become ever more exacting, organizations looking to retain customers and grow loyalty need to prioritize removing unnecessary barriers.

 

Given the point of login can be such a cause for session and cart abandonment, many websites offer a convenient "Keep Me Signed In" or "Stay Signed In" checkbox on their sign-in screen, allowing consumers to keep their sessions active longer. This functionality can significantly improve customer experience and boost revenue, and has become a familiar feature across numerous applications and online platforms. However, longer-lasting sessions bring with them an elevated risk of session hijacking, which can lead to companies shouldering higher fraud resolution costs, or possibly hesitating to implement “Keep Me Signed In” at all, to the detriment of customer experience. 

 

The challenge, therefore, lies in finding a way to properly secure long-lived sessions to satisfy customers while protecting your business. Whether your organization has already implemented “Keep Me Signed In” or you’re still considering whether it may be a good fit for your business, read on for an overview of the benefits of this customer-pleasing functionality and the role of advanced threat protection in decreasing the risk of session compromise.

What Are the Benefits of “Keep Me Signed In”?

It’s no surprise that customers love long-lasting sessions. Logging in is friction by default, after all, and removing the need to re-enter credentials makes for a smoother experience. But “Keep Me Signed In” offers benefits not only for customers, who are happy to stay logged in longer, but for businesses, too.

 

What Customers Love

81% of customers say ease of use is important to their overall digital experience, and staying signed in is inherently easier than having to re-authenticate. Users tend to prefer to skip repetitive logins on sites that they frequent; skipping these hurdles means quicker gratification and an improved overall user experience – a win for users who are strapped for time and have limited attention to spare.

 

How Businesses Benefit

“Keep Me Signed In” improves conversions by smoothing out the customer experience. As mentioned above, login is a key point at which abandonment can happen, so eliminating the need to authenticate every time will decrease drop-off and abandonment. Even better, Ping has seen an increased likelihood of purchase of up to 30% from customers with long-lasting sessions enabled.

 

This becomes even more valuable when you consider the impact over time on customer loyalty. When customers find it easy to do business with you, they’ll come back again and again. Each time a customer returns and successfully transacts with a business, the likelihood of them coming back again in the future goes up – a customer who has made one purchase has a 27% chance of returning and buying again, but after making that second purchase, the likelihood of a third goes up to 49%, and the likelihood of further purchases after a third goes up to 62% (Smile.io). In other words, loyal customers are not only likelier to spend, they will also spend more over time.

 

Finally, the long-lasting sessions enabled by “Keep Me Signed In” help with longer-term personalization initiatives, too. The longer customers stay with you, the better you can learn their habits and preferences. This allows for better personalization, which should continue to nurture the customer relationship and grow customer lifetime value.

 

Security Considerations: How Can Organizations Thwart Hackers?

Unfortunately, as we alluded to earlier, long-lived sessions come with an elevated risk of session hijacking, account takeover, and fraud. It must also be acknowledged that “Keep Me Signed In” may not be right for every type of customer-facing organization. For banking sites or government services, for example, it makes sense to log out and back in every time, and customers tend to expect that they will have to authenticate with every visit. 

 

But in certain other scenarios, such as ecommerce sites, travel sites, online forums, social media platforms, or entertainment platforms, both customers and businesses can benefit from implementing longer-lasting logins that extend beyond a single browser session.

 

Fortunately, user experience and security don’t have to be at odds, and there are certain steps organizations can take to manage risk and decrease the likelihood of malicious activity while offering customers the option to stay signed in longer.

 

Customer Education

When customers elect to stay signed in, it is important to remind them that this option is best used on personal devices, as opposed to public computers or other shared devices. It is also useful to educate customers on password hygiene – a strong password mandate can be helpful, and you could recommend the use of a password manager to ensure stronger passwords that the customer does not need to remember. Even better, you should consider offering a passwordless option to eliminate easily-compromised credentials altogether. It’s also helpful to remind customers that private browsing or using incognito mode may result in them being logged out automatically by their web browser, as may clearing their browser cache.

 

Continuous Risk-Scoring

Of course, customer education alone is not a security strategy. To that end, organizations must put protections in place to prevent hackers and other cybercriminals from taking over long-lived user sessions. This is the key to making long-lasting sessions secure and decreasing fraud.


The best way to do this is by implementing a threat protection solution that monitors user sessions for risk in real time. By looking at things such as the user’s device, location, geo-velocity, IP, and even their behavior as compared to past visits, it is possible to spot a compromised session. If a user suddenly looks suspicious, you can step up security by requiring re-authentication and calling for MFA. With a continuous risk-scoring approach, you can be confident that your users are who they say they are, and allow them to remain logged in for longer periods of time.
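The signals named above (device, IP, geo-velocity) can be combined into a per-request score on an existing long-lived session. The sketch below is an added example, not Ping's code or PingOne Protect's logic; the field names, weights, and thresholds are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# Illustrative assumptions, not vendor values.
WEIGHTS = {"device_change": 50, "ip_change": 10, "impossible_travel": 60}
MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0      # ignore geo-IP jitter within one metro area
STEP_UP_AT = 50             # score at which re-authentication with MFA is required

@dataclass(frozen=True)
class Observation:
    ts: float        # epoch seconds of the request
    lat: float
    lon: float
    ip: str
    device_id: str   # hypothetical stable device identifier

def haversine_km(a, b):
    """Great-circle distance between two observations in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def geo_velocity_kmh(prev, cur):
    """Implied travel speed; a zero or negative time gap is clamped to one second."""
    hours = max(cur.ts - prev.ts, 1.0) / 3600.0
    return haversine_km(prev, cur) / hours

def signals_for(prev, cur):
    """Compare the current request with the session's last trusted observation."""
    signals = []
    if cur.device_id != prev.device_id:
        signals.append("device_change")
    if cur.ip != prev.ip:
        signals.append("ip_change")
    if haversine_km(prev, cur) >= MIN_DISTANCE_KM and geo_velocity_kmh(prev, cur) > MAX_PLAUSIBLE_KMH:
        signals.append("impossible_travel")
    return signals

def decide(prev, cur):
    """Return (action, score, signals); 'step_up' means re-authenticate with MFA."""
    signals = signals_for(prev, cur)
    score = sum(WEIGHTS[s] for s in signals)
    return ("step_up" if score >= STEP_UP_AT else "allow"), score, signals

# Constructed sample data: session last seen in New York, then two later requests.
last_seen = Observation(1_700_000_000, 40.7128, -74.0060, "198.51.100.7", "dev-a1")
same_user = Observation(1_700_003_600, 40.7306, -73.9866, "198.51.100.9", "dev-a1")
suspicious = Observation(1_700_001_800, 51.5074, -0.1278, "203.0.113.44", "dev-zz")
```

An IP change alone stays below the step-up threshold here, so a customer moving between home and mobile networks keeps the session, while a new device or an implausible jump in location forces re-authentication.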

Making It Easy: Introducing New Flow Templates for Secure “Keep Me Signed In” Experiences

To make it easier for organizations to provide secure long-lasting sessions to their customers, we are excited to announce new DaVinci flow templates that include PingOne Protect and showcase easy-to-customize experiences for user registration and authentication, including “Keep Me Signed In,” account recovery, and self-service profile management. These flow templates empower organizations to accelerate their time to market with easy-to-deploy customer identity user experiences with minimal set-up required.

 

The flow templates support various use cases out-of-the-box, including registration with username and password, in-line MFA enrollment, device authentication, and “Keep Me Signed In.” These flow templates include PingOne Protect for real-time threat intelligence to quickly and securely launch long-lasting sessions to your customers.

 

What’s Included in the New Flow Templates

The new flow templates include a registration experience, leveraging password and passwordless sign up, progressive profiling, terms of service agreement, one-time passcode verification and in-line MFA enrollment, and out-of-the-box social identity registration and authentication experiences with Google, Apple, and Facebook.

 

Organizations can also take advantage of pre-built authentication experiences that enable password or passwordless sign on with MFA device authentication, and account recovery with email one-time passcode and password reset.

 

The new flow templates also include multiple self-service profile management flows, including the ability for end users to change their password, manage their passwordless methods, review the terms of service agreement, and update basic contact information all without having to contact support or engage with a chatbot.


The new flow templates are available with minimal setup and configuration, and support full customization, including branding. Documentation is available now.

Start Building Better Customer Experiences Today

At the end of the day, it’s possible to give customers the convenience of long-lasting sessions and reap the rewards of greater loyalty and revenue. Keeping customers signed in long term doesn’t have to be complicated – or compromise security. Let us show you how easy it can be to give customers the seamless online experiences they crave. Check out the new flow templates in our integration marketplace or flow library, and contact us now if you’re ready to get started.
