Retail lags in authentication modernization, but not because providers aren’t interested in upgrading. It’s because customers actively reject change. Familiarity, ease of implementation and legacy system compatibility all mean that very few retailers offer anything beyond usernames and passwords, not even two-factor (2FA) and multi-factor authentication (MFA).
Ecommerce sites have experimented with magic links, an authentication method that is a little higher friction but is still a viable passwordless alternative. Meanwhile, biometric authentication (think fingerprints and facial recognition) is gaining popularity among less technical users, even if it’s simply to unlock their smartphones. Passkeys, another passwordless authentication method, leverage biometrics or a PIN to let consumers confirm a purchase with just a tap or a quick selfie.
