Shop It To Me app says “So long” to passwords
Mobile commerce application Shop It To Me has replaced passwords with a one-time link sent to users’ email addresses that will permanently login members until they choose to log out manually.
Recognizing the inconvenience of memorizing and maintaining numerous passwords, app producers also realized choosing the “Forgot your password?” option is not an easy task to complete on mobile devices. While cyber attacks remain a daily threat, legacy systems have made it nearly impossible to login if passwords are forgotten.
“Because it is so hard to remember 50 unique passwords, people are resorting to either using simple, but insecure passwords or using the same secure password across all their sites, which is a big problem when any one of those sites gets hacked,” said Charlie Graham, founder and CEO of Shop It To Me, San Francisco.
“We hope other sites will do the same so we can get rid of the mess of multiple passwords. We believe that our solution is both simpler and as secure, if not more secure, for our members than requiring a password in today’s environment.”
Passwords: So yesterday
If a password is forgotten, the common protocol is to send a link to one’s email address to verify identity, which is why Shop It To Me eliminated the middle man: the password.
The link is a one-time token that soon expires after distributed.
App authenticators observe location and other security features to insure the correct person is receiving the link to access Shop It To Me. Mr. Graham did not want to reveal all of the behind-the-scenes measures the company takes to avoid the information falling into the wrong hands.
Stored credit cards are not a factor within the app, so a hacker could only access previous order information and brand preference settings.
Originally launched in November 2013, Shop It To Me alerts members of deals on designer brand clothes, shoes and handbags in their personal sizes.
Shop It To Me follows a wide range of brands, such as J Brand, Free People, Diane von Furstenberg and Tory Burch and locates sales through retail stores, such as Nordstrom and Bloomingdale’s.
As the globe shifts solely to mobile, failed logins are enough to disengage users from an app.
“Relevance and recognition in real time are the three R’s in mobile marketing,” said Melinda Krueger, senior marketing consultant at ExactTarget, Milwaukee.
“This is what customers expect from us on mobile devices. If your legacy systems cannot recognize your customers across channels and deliver relevant information and offers in real time, you are not positioned to succeed in mobile marketing,” she said (see story).
Citi has also taken steps to simplify the login process for members.
Following a successful beta test, Citi launched a new opt-in feature nationwide which enables customers to view sensitive account information in their Citi mobile banking app without log-in friction, making it the first major U.S. bank to offer such a preference.
The introduction of Citi Mobile Snapshot came after a three-month beta test, which revealed more than half of responders from an initial sampling pool of several hundred choose to enroll in the feature, and more than 70 percent of those opt-in users rated their Snapshot experience as good or excellent. With major banks increasingly competing on the basis of mobile convenience, other financial institutions are likely to follow suit with similar offerings (see story).
In reality, passwords are a tired concept, and an extraordinary advantage can be gained by implementing modern authenticating features.
“Of course, there’s no foolproof way to ensure security,” Mr. Graham said.
“But you can take some steps. For your critical email and financial sites, I recommend using two-factor authentication whenever you can.”
Caitlyn Bohannon, editorial assistant for Mobile Commerce Daily, New York