How to leverage the password reset process to increase customer retention

Poorly designed password resets are costing you money. A high-friction password reset flow can lower conversion rates, as demanding too many (or the wrong kind of) verification tasks can frustrate users and lead them to abandon the reset flow altogether. To illustrate this point, we have identified 7 common factors that could be causing your password reset flow to fail – and a glimpse at how passwordless solutions can help.

Let’s be honest: how often has the following happened to you? You wanted to access your favorite online shop or your project management tool but couldn’t remember your password. Resetting the old password and managing a new one is cumbersome too, so you simply did not log in or did not make the purchase.

The implementation of a password reset flow can be a painful step for people who are still utilizing password-based authentication. It is difficult to build, adds needless friction to the user experience, and frequently leads to users abandoning the process entirely.

A high-friction password reset flow can lower conversion rates, as demanding too many (or the wrong kind of) verification tasks can frustrate users and lead them to abandon the reset flow altogether. On average, about 10% of your active users will pass through the password reset flow each month, depending on the size and percentage of existing vs. new customers. Of those, up to 75% will drop out partway through the password reset process.

To put that another way: with a high-friction password reset flow, you’re losing up to 7.5% of high-intent users before they’ve even had a chance to engage with your application or make a purchase.

To illustrate this point, we have identified 7 common factors that could be causing your password reset flow to fail – and a glimpse at how passwordless solutions can help.

These 7 factors break your password reset rate:

1. Users need to open their mailbox: Often the reset link is sent via email - however, this process may fail due to some hurdles. Users may not open their mailbox to look for the reset email. As a result, they may not see the reset link, which may cause the process to fail. Also, users have to switch context, which interrupts the "workflow" and can cause the process to fail.

2. Users may have no access to mailbox: If users have forgotten their password, they need access to the email address associated with their account in order to reset it. However, if they do not have it, they will not be able to perform the password reset process.

3. Reset emails take too long to arrive: If it takes too long for the password reset email to arrive, the reset link may expire before the user has a chance to use it. This can be caused by an incorrect server configuration or an overly short expiry time.

4. Reset emails may end up in spam: It is important to remember that if the reset password email is sent to the users and it ends up in their spam folder, they may never even see it. This means they will not be able to reset their password and access their account.

5. Reset links are device-bound: Reset links are often sent via email. However, this is not best practice, since the links are effectively device-bound: they are usually opened on the device where the email is opened. This can cause cross-device problems, for example if a user only has access to the email on another device.

6. Users need to come up with a new password: For many users it is very annoying to have to come up with a new password, as this is another avoidable step in the login process.

7. Complexity requirements for new password: Having complex password requirements for any online process can be daunting for users. The password reset process becomes even worse when the password is not accepted by the platform, and the user needs numerous attempts to come up with a new password that meets the requirements.
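Factors 3 and 5 above, as an added example that is not from the original article or from Corbado's product: a minimal server-side store for single-use reset tokens whose validity depends only on the token and its expiry (so the link works on any device), with a constructed scenario showing how a short expiry plus slow mail delivery makes the link fail. The class name, TTL values and user id are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class ResetTokenStore:
    """Illustrative store for single-use, expiring password reset tokens."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user_id, now + self.ttl)
        return token  # placed in the emailed link, never written to logs

    def redeem(self, token, now=None):
        """Return (user_id, 'ok') or (None, reason).

        No cookie or session is consulted, so the link can be opened on a
        different device from the one that requested the reset.
        """
        now = time.time() if now is None else now
        entry = self._pending.pop(self._digest(token), None)  # single use
        if entry is None:
            return None, "unknown_or_used"
        user_id, expires_at = entry
        if now > expires_at:
            return None, "expired"
        return user_id, "ok"


def simulate(ttl_seconds, delivery_delay_seconds):
    """Constructed scenario: mail arrives late, user clicks 60 s after arrival,
    then the same link is opened a second time one second later."""
    store = ResetTokenStore(ttl_seconds)
    token = store.issue("user-123", now=0)
    first = store.redeem(token, now=delivery_delay_seconds + 60)
    replay = store.redeem(token, now=delivery_delay_seconds + 61)
    return first, replay
```

Logging the `expired` and `unknown_or_used` outcomes separately shows whether failed resets come from delivery latency or from users reopening a link that was already consumed.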

25% abandon the login due to an overly complicated password reset

A recent study of a big German B2C platform serves as a brilliant example: The study found that on average, 27.4% of all initial logins result in a failure because users mistype, for example, the e-mail address or password. Furthermore, logging in with the "default password" sometimes only works on the second or third attempt - or not at all. Occasionally users lock themselves out because they have tried to log in too many times and encounter an automatic lockout that requires a password reset or a forced lockout for 30 minutes.

Only 4.9% of all users even attempt to reset their password. This means that a large majority of users who fail to log in on the first try never even try to reset their password. Further, 28.6% of password resets fail even after multiple attempts. This means that 1.4% of all initial login attempts result in a failed password reset. Altogether, this results in 24.1% of all users failing to log in on any given day.

Follow these 4 factors to boost your customer retention rate:

1. Offer password resets to mobile number: Offering password resets to mobile numbers ensures that users can access their accounts even if they have forgotten their passwords. It allows users to reset their passwords without having to wait for an email or going through a complicated reset process.

2. Send an email or SMS on incomplete password resets: An effective method for boosting password reset conversion rate is to send an automated email or SMS when a customer attempts to reset their password but fails to complete the process. This simple step can help to improve the customer experience when it comes to resetting their passwords, making them more likely to complete the process.

3. Offer a direct passwordless login: By leaning into passwordless solutions as an alternative to password resets, you can delight your users and increase conversion and engagement.

Passwordless login provides a secure and efficient way for users to access their accounts without ever having to enter a password. Instead, users are sent a unique link via email or a one-time passcode (OTP) that grants them access.

4. Offer a login with passkeys: For companies that want to improve not only the user experience but also increase their IT security, a login with passkeys is the ideal solution. This solution is already possible on most devices today. The login credentials cannot be forgotten because biometric login methods, such as Face ID, Touch ID or Windows Hello, are used, allowing users to log in without creating a new password.

Corbado’s passkey solution boosts your customer retention rate today!

A poorly designed password reset flow can have huge consequences for your users and your business. Why not avoid the issue altogether by going passwordless with passkeys? Just imagine all the lost users you can regain with passkeys.

Passkeys are the ideal solution to increase the user retention of any e-commerce or SaaS company. To quickly obtain these benefits without thinking of complex integration or cross-device issues, just make use of Corbado’s authentication solution that puts passkeys at the heart. Integrate within minutes, AB test it without any risks in parallel to your existing authentication solution and transition your users smartly into the passkey era. Trust me, your users will love it (and your conversion rate will prove it).
