The Power Of User Experience: How To Improve Password Security

Caroline Morchio, head of user experience at Dashlane, speaks to Expert Insights about the role of user experience and design in tackling password security.

It goes without saying that user experience has a big impact on the way that we engage with technology. Think about it—if you find a tool particularly slow, unintuitive, and difficult to use, then chances are you’re going to either cut corners when you’re using it, or just avoid using it altogether.

Positive user experiences, by contrast, encourage us to keep coming back to certain products and technologies, and to keep using them again and again. Not only that, they encourage us to use them in the way they were intended to be used.

To find out how important user experience is when it comes to password security, we spoke with Caroline Morchio, head of user experience (UX) at Dashlane.

Morchio has 15 years of experience working as a product and design leader for various teams and innovative technology companies—most recently working with Elon Musk at Neuralink. Now, Morchio is a part of password management company Dashlane, helping to solve the inherent security issues that come with password usage in the workplace.

“I define myself not as a designer or product person, but as a technologist,” Morchio says. “As technologists, we have the unique opportunity to help people solve their day-to-day problems. And what I’m passionate about is how we can leverage technology to bring simple, elegant solutions to human problems.”

So, how can technologies like password managers solve the very real human problems that organizations are facing today? Morchio shares an interesting perspective on the role of user experience and design in tackling password security in an evolving threat landscape.

Passwords: An Organization’s Downfall

Password security is a long-standing issue for organizations around the globe. With the prevalence of credential compromise—and the rise in social engineering as a means of gaining access to user credentials—weak passwords are the kryptonite of account security.

“Passwords are challenge number one,” Morchio says. “Weak, reused, and compromised passwords are the number one cause of the breaches and hacks that we hear about in the news on a daily basis.”

Password hacking and brute-force attacks are responsible for more than 80% of all breaches. “That’s why it’s so important for people and businesses to have different passwords for every account,” Morchio explains. “So that if one password is breached, their other accounts won’t be breached too.”

But a real issue for organizations is the fact that, despite being aware of these worrying statistics, 58% of IT professionals still admit to reusing the same password across multiple accounts. “Even though they are aware it’s not the best practice, they still do it,” Morchio adds.

But why is poor password hygiene such an issue across mass groups of users? Morchio suggests that, when it comes to users participating in secure practices or using the right technology, user experience is a key factor.

User Experience Is Key

“As part of my role as head of UX at Dashlane, I’ve spent lots of time listening to our customers to understand their pain points and their needs,” Morchio says.

“And what we’ve learned is that it all comes back to one thing: how delightful and easy a product is to use is going to empower organizations or teams to use it efficiently and effectively, and to become de facto secure online.”

Take passwords, for example. The average internet user has around 150 accounts to keep track of. With recommended password practices becoming increasingly complex, it’s understandable that many users find it difficult to create and memorize a strong password for each of those accounts. So, in this case, a poor user experience is what’s actually causing users to reuse passwords across accounts and set weak passwords—making them less secure.

To solve this challenge, many organizations implement password managers to help their employees more easily—and securely—create, store, and share passwords. But if the password manager itself is difficult to navigate, users tend to fall back on referring to their spreadsheets of qwerty and Password1.

A positive user experience is key for the adoption of best practices and secure technologies—and providing elegant, memorable, and seamless authentication is where user experience delivers its value, according to Morchio.

“Users recognize themselves and relate to a compelling user experience, emotionally speaking. They use it because they connect to it. They want to use it. They love it.

“That’s how powerful user experience is—it’s the common denominator between purchasing a product and actually using it.

“It’s thanks to great UX that users will then trust products, brands, and technologies, and will become more secure by using them. At least, that’s our goal at Dashlane.”

So, how do vendors like Dashlane provide a user experience that’s not only simple and frictionless for users, but also encourages better security practices?

The Solution: Intuitive Password Managers

For many password management providers like Dashlane, the answer to remediating the poor user experience offered by passwords is to take the user journey into their own hands, and to manage users’ passwords for them.

Password managers eliminate pain points and friction from the user journey, while encouraging users to create more secure passwords.

They do this by enabling users to securely store passwords within their own virtual vault, which they access via a key called the “master password”—the only thing that can decrypt the passwords stored within.

With a password manager, users can automatically generate and store unique, complex, and secure passwords for every account that they hold—without having to rely on memory, or write them down on post-it notes on their desks. All users have to do is remember their master password to gain easy, frictionless access to their accounts.

Many password managers also come with auto-fill engines, which automatically input a user’s credentials into login portals; password sharing capabilities, which enable employees to securely share passwords without sending them in plaintext over channels like Slack; and admin dashboards, which enable admins to monitor password health and manage permissions organization-wide.

But we should emphasize that as well as providing a frictionless and elegant user experience, password managers are also highly secure. “We use a zero-knowledge architecture,” Morchio explains. “This guarantees that only the user knows what’s stored inside their password vaults—the data is only visible to them. Not even Dashlane can view or have access to the data.”

Additionally, many password managers—including Dashlane—leverage highly secure encryption to ensure that passwords are only visible to the user. “The encryption service that we have is a gold standard in security these days, and means that we can keep all our login credentials and passwords safe. This is all thanks to the encryption service we call AES-256.”

This level of encryption means that in the rare event that a password manager does get breached and a criminal gains access to a user’s vault, they still won’t be able to decrypt the passwords inside without the decryption key—the master password.

“Basically, what that end-to-end encryption does is change locally the passwords on every device that you own,” Morchio explains, “to ensure data remains private, secure, and accessible only to the user.”

Dashlane’s Password Manager Solution

Dashlane offers a web and mobile app that helps simplify password management for businesses and individuals globally, enabling them to log into their accounts easily and securely.

This all-encompassing password management solution is designed with user experience and the human perspective in mind, to help encourage users to engage with the solution, rather than reverting to their old practices.

And, for Morchio, what makes Dashlane great is this level of focus that it dedicates to its users.

“What brought me to Dashlane is that it stands out in terms of the experience it provides to its customers,” says Morchio. “It’s the most customer centric.

“We invest a lot in research and innovation so that we can deliver real value to our customers. We learn from them, and we listen to them so that we can understand how our customers live—and more importantly, how they experience their lives with an online security product.

“That really enables us, as technologists, to paint a new vision of what an online security tool can be, from a human perspective, in the future.”

Thanks to Caroline Morchio for participating in this interview. You can learn more about the Dashlane platform and how it works via their website.