Balancing robust security with a seamless user experience is a critical challenge in digital identity management. In this article, top insights from a Chief Information Security Officer (CISO) and a CEO provide valuable perspectives. Discover how minimizing user friction can enhance security and simplicity, and explore the final tip on applying permission-based access controls. This article compiles four key insights from leading experts in the field.

  • Minimize User Friction and Security Fatigue
  • Implement Smart-Authentication Protocols
  • Use Biometric Authentication for Simplicity
  • Apply Permission-Based Access Controls

Minimize User Friction and Security Fatigue

Position the concepts of “User Friction” and “Security Fatigue” at the center of your identity and access management strategy.

The security of any access or identity management process is inexplicably linked to having a seamless digital experience for users. If user friction is high in any given process, this means there are numerous significant obstacles required for the user to “overcome” before they can reach their desired goal. For example, a user registering as a student in a university would experience high degrees of friction if they needed to complete 8 pages of registration information, they had to read and accept 11 different university policies and then had to wait 30 minutes before their account was created after clicking “Submit.”

Where friction exists, security is often circumvented. Various identity management technologies and practices can be used to decrease user friction and improve security simultaneously, e.g., passwordless logins, just-in-time provisioning, zero-trust authentication, self-service resets.

Lastly, “security fatigue” occurs when users become exhausted with excessive security and, again, causes security control circumvention, e.g., using the same password across multiple applications. You can actively design fatigue out of identity management processes to create frictionless environments for both the organization and user. For example, an in-depth mapping of joiner/mover/leaver processes, and the subsequent definition of target state processes, can help design out security fatigue from the ground up.

Jonny Pelter
Chief Information Security Officer (CISO) and Founder, CyPro


Implement Smart-Authentication Protocols

At Tech Advisors, we focus on balancing security and usability by implementing solutions that protect digital identities without adding layers of complexity for users. One way we’ve approached this is through smart-authentication protocols, making sure identity verification is rigorous yet simple for users to navigate. For example, our clients in law and healthcare frequently need reliable identity management due to compliance requirements, so we’ve integrated two-factor authentication that’s both effective and intuitive for them and their clients.

Our experience shows that understanding user behavior is key to building secure systems that people can actually use. We avoid a one-size-fits-all approach, recognizing that different clients have varying needs. Some may prefer traditional logins, while others might need advanced verification methods. Our team collaborates with each client to find the best fit, knowing that forcing users into a rigid process increases security risks rather than reducing them. Elmo Taddeo, CEO of Parachute and a colleague in the IT field, once pointed out that building secure digital processes requires flexibility to accommodate different user preferences. His insight underscores the importance of adaptable solutions in identity management.

My top tip for balancing security with usability is to invest in “middleware” and automated privacy-enhancement tools. These tools lighten the technical load for web developers and IT teams while keeping the user experience simple. It’s about making sure systems can manage different protocols seamlessly in the background. This helps us deliver a secure, seamless experience for our clients, allowing them to focus on their business rather than on managing multiple identity solutions.

Konrad Martin
CEO, Tech Advisors


Use Biometric Authentication for Simplicity

In the mortgage industry, balancing robust security with a user-friendly experience can be challenging, as clients are dealing with highly sensitive personal and financial information. At Zanda Wealth, we implemented biometric authentication, specifically fingerprint recognition, for client portal access. It’s secure, widely accepted, and convenient—especially since our clients aren’t keen on juggling multiple complex passwords.

For instance, when a client logs in to check their mortgage progress or review investment options, they simply use their fingerprint to access everything. This approach has allowed us to keep security rigorous without burdening clients with remembering lengthy passcodes, which, from feedback, we know has made a significant difference. Many clients have mentioned how much they appreciate this added simplicity while feeling secure, knowing that biometric data is extremely hard to breach compared to traditional passwords.

Austin Rulfs
Founder, SME Business Investor, Property & Finance Specialist, Zanda Wealth


Apply Permission-Based Access Controls

We decided to use encrypted cloud storage, applying permission-based access that restricts who can see and edit specific files. For example, when working with a client on a high-impact video campaign, only the core team involved with that project can access the campaign materials, budgets, and strategy documents. Others in the organization don’t have access, which minimizes data exposure. Moreover, each project folder has an audit trail that records who accessed or modified files, giving clients peace of mind.

Our clients appreciate that we’re not only prioritizing their security but also ensuring that only essential personnel handle their data. This level of control means everyone on our team can work efficiently without needing to wade through additional security barriers while still maintaining a high level of confidentiality for our clients’ data.

Spencer Romenco
Chief Growth Strategist, Growth Spurt