Viewing entries in
Best Practices

1 Comment

A New Push to End Passwords

I hate passwords. But I don’t hate passwords as a concept. Certainly I understand the need, but password protection implemented poorly creates friction and often frustration, and that’s not good for business or for my own personal protection.

Now there’s a new initiative out of Silicon Valley called the “Petition Against Passwords.” It’s not proposing a specific alternative, but the basic premise is that we can do better. And the initiative seems to be getting some early traction. But I think that before we try to improve, we also need to address our failings.

passwordgraphic

In my view, because online security has become such a high profile concern, many companies have given their programmers carte blanche to “beef up security.” And beef they have, adding all sorts of onerous restrictions, cool new programming and faddish techniques that satisfy their intellectual curiosity, but put a big dent in the overall user experience.

Several years ago, I bought one of the most popular password management programs called Roboform. It actually will provide long, randomly generated passwords for every site where I have an account. Once set-up, I could access any site with a single click. Nirvana! I was fully protected, and friction was eliminated. This was a win for everyone. And it worked. For a while.

But I’ve watched as RoboForm has become less effective, as more sites institute cool new login processes that force you to do more, remember more, and defeat the popular password managers.

I have one site that insists I manually input my password into a virtual keypad on the screen. Way cool, but essentially pointless. I have another site with no fewer than ten challenge questions that it presents randomly, with responses that have to be entered perfectly, or you are locked out and forced to spend 20 minutes with their call center to get back in. Still another site wants a ten character password that includes both a capital letter and two non-alphanumeric characters. And the latest cool approach is “two-factor authentication,” which sends a separate code to your cellphone every single time you want to login. Honestly, can you picture yourself doing this several times (or more) a day? We want more user engagement, not less.

Where I come out is with this simple, three-point proposition:

  1. Login security should be proportionate to what you are protecting, a point of particular relevance to online content providers. Let’s be honest with ourselves: we’re not protecting nuclear launch codes.
  2. Don’t leave login protocols completely in the hands of your programmers. Logins are a critical component of the overall user experience and need to be assessed accordingly. If users aren’t logging in, they’re also not renewing.
  3. For most of us, time would be better spent improving our back-end system security, to reduce the chance of wholesale theft of user logins, credit card data and personal information. That’s where the big business risk resides, although the necessary programming is admittedly less glamorous than virtual keypads.

So sure, let’s start talking about eliminating passwords. But first, let’s acknowledge that a lot of the problem is self-inflicted by the way in which we have implemented passwords.

1 Comment

Comment

Is Data the Salvation of News?

Doubtless by now you’ve heard the buzz around the travel news start-up called Skift. Skift is the brainchild of Rafat Ali, the founder of PaidContent. Skift appears to be a disruptive entry into the B2B travel information market, and seeks to distinguish itself through a fresh style of reportage and eclectic editorial coverage (news of innovative airport design merits the same level of coverage as news about major airlines). Given Rafat’s track record and the fondness these days for all things disruptive, Skift has recently attracted an additional $1 million from investors. Where this gets really interesting is that Skift wants to broadly cover the incredibly huge global travel industry with only a handful of reporters. That means Skift will deliver a mix of original reporting along with licensed and curated content. So where’s the innovation and disruption? The answer, in a word, is data.

skiftlogo

Skift’s plan is to deliver most of its news free on an advertising-supported model, but to also offer paid subscriptions (reportedly to range from $500 to $1,000) to give subscribers access to travel data. It’s no surprise then, that Skift is positioning itself as a “competitive intelligence engine.”

Skift may be on to something. I first got interested in the intersection of news and data back in 2007, when I read some fascinating articles written by Mike Orren, the founder of an online newspaper called The Pegasus News. Orren had discovered that despite his focus on hyper-local news, the editorial content that consumers are ostensibly hungering for, fully 75% of those who came to his site were there for some sort of data content. Others in the newspaper industry have also reported similar findings.

In this context Skift seems to have a firm grasp of the new dynamics of the information marketplace: while there is an important role for news, it’s increasingly hard to monetize. That’s why news married to data is a much smarter business model. News provides context and helps with SEO. It can be monetized to some extent through advertising. Data offers premium value that is easily monetized with a subscription model, and the two types of content, intelligently combined, offer a compelling, one-stop proposition to those who need to know what’s going on in a specific market.

This is, of course, a conceptually simple model that not too many legacy news publishers have been able to execute on. That’s because the two types of content are inherently distinctive, from how they are created to how they are sold. Perhaps a disruptive market entrant like Skift will be able to crack the code and produce both types of content successfully itself. Personally, I think the fastest and surest path to success is to build strong partnerships with data publishers.

 

Comment

Comment

Drawing the Line: Customers as a Data Source

Today’s New York Post reports that Bloomberg was confronted by Goldman Sachs for allegedly allowing its journalists to tap into subscriber usage data. It is early into this event, and still unclear what the ultimate impact  on Bloomberg might be, but regardless of outcome, this remains an area of  acute importance to all data publishers. That’s because data publishers  often have access to potentially confidential and valuable information,  and the slightest misstep could put your whole business at risk by  destroying customer trust.133477-bloomberg-terminal-12885

The Bloomberg case was actually pretty tame in many respects: a Bloomberg reporter called Goldman Sachs to inquire if a partner was still working there because he hadn’t logged into his Bloomberg terminal for a long period of time.

Login data provides one level of insight into the activity (or non-activity) of your subscribers, but that’s just the tip of the iceberg. If you know what job function a particular subscriber performs, and also what that subscriber is searching on, you could potentially get insights into new product development activity, sales strategy or even potential acquisition targets. You see where I am going, and hopefully you also see why you should never go there. Your subscribers, often unknowingly, are trusting you with a lot of potentially sensitive and valuable information. It’s your duty to guard it carefully.

I’m not suggesting that there is any issue with aggregate analysis of activity against your database to better understand what your subscriber base as a whole is interested in so that you might improve your product. But whenever you start associating specific search and view activity with specific subscribers, you need to be very careful.

Depending on the markets and the job functions you serve, you may even want to re-think if, say, your customer service people should be able to view a specific subscriber’s saved searches. And even something as innocuous as putting up a list of “most viewed companies this week” could inadvertently reveal too much if you operate in a tight vertical.

Too often these days, I am seeing people do things because they can, not because they should. Technology is often addictive in this way. But I urge you to look before you leap. Trust is easy to lose, hard to regain and essential to your success.

Comment