How to Use Password Resets to Increase Customer Retention

Poorly designed password resets are costing you money. A high-friction password reset flow can lower conversion rates, as demanding too many (or the wrong kind of) verification tasks can frustrate users and lead them to abandon the reset flow altogether. To illustrate this point, we have identified 7 common factors that could be causing your password reset flow to fail. Subsequently, we provide a potential solution by going passwordless and taking the password out of the equation.

Let's be honest: how often has the following happened to you? You wanted to access your favorite online shop or your project management tool but couldn't remember your password. Resetting the old and managing the new password is also cumbersome, so you just did not log in or did not purchase.

The implementation of a password reset flow can be a painful step for people who are still utilizing password-based authentication. It is:

• difficult to build
• adds needless friction to the user experience
• frequently leads to users abandoning the process entirely

On average, about 10% of your active users will pass through the password reset flow each month, depending on the size and percentage of existing vs. new customers. Of those, up to 75% will drop out partway through the password reset process.

To put that another way:

To illustrate this point, we have identified the 7 most common factors that could be causing your password reset flow to fail.

Let's take a look at the factors that hurt password reset rates.

Often the reset link is sent via email. However, this process may fail due to some hurdles. Users may not open their mailbox to look for the reset email. As a result, they may not see the reset link, which may cause the process to fail. Also, users have to switch context, which interrupts the workflow and can cause the process to fail.

If users have forgotten their password, they need access to the email address associated with their account in order to reset it. However, if they do not have it (either it's not installed on their device or also have forgotten their email address password, they will not be able to finish the password reset process.

If it takes too long for the password reset email to arrive, the reset link may be expiring before the user has a chance to access. This can be caused by an incorrect server configuration or an overly short expiry time.

It is important to remember that if the reset password email is sent to the users, and it ends up in their spam folder, they may never even see it. This means they will not be able to reset their password and access their account.

Often, links are sent via email during password reset. However, this is not best practice, since links are device-bound, as they are usually opened on the device where the email is opened. This can cause cross-device problems, for example if a user only has access to the email on another device.

For many users it is very annoying to have to come up with a new password, as this represents another avoidable step in the login process.

Having complex password requirements for any online process can be daunting for users. The password reset process becomes even worse when the password is not accepted by the platform, and the user needs numerous attempts to come up with a new password that meets the requirements.

A recent study of a big German B2C platform serves as a brilliant example: The study found that on average, 27.4% of all initial logins result in a failure because users mistype for example the email address or password. Furthermore, logging in with the "default password" sometimes only works on the second or third attempt - or not at all. Occasionally, users lock themselves out because they have tried to log in too many times and encounter an automatic lockout that requires a password reset or a forced lockout for 30 minutes.

Only 4.9% of all users even attempt to reset their password. This means that a large majority of users who fail to log in on the first try never even try to reset their password. Further, 28.6% of password resets fail even after multiple attempts. This means that 1.4% of all initial login attempts result in a failed password reset.

Altogether, this results in 24.1% of all users failing to log in on any given day.

There are counter-measure for the above-mentioned issues in the password reset process. Let's elaborate.

Offering password resets to mobile numbers ensures that users can access their accounts even if they have forgotten their passwords. It allows users to reset their passwords without having to wait for an email or going through a complicated reset process.

An effective method for boosting password reset conversion rate is to send an automated email or SMS when a customer attempts to reset their password but fails to complete the process. This simple step can help to improve the customer experience when it comes to resetting their passwords, making them more likely to complete the process.

By leaning into passwordless solutions as an alternative to password resets, you can delight your users and increase conversion and engagement. Passwordless logins provide a secure and efficient way for users to access their accounts without ever having to enter a password. Instead, users are sent a unique link via email or a one-time passcode (OTP) to get access to their accounts.

For companies that want to improve not only the user experience but also increase their account security, a login with passkeys is the ideal solution. The login credentials cannot be forgotten because biometric login methods, such as Face ID, Touch ID or Windows Hello, are used, allowing users to log in without creating a new password.

A poorly designed password reset flow can have huge consequences for your users and your business. Why not avoid the issue altogether by going passwordless with passkeys? Just imagine all the lost users you can regain by passkeys.

Passkeys are the ideal solution to increase the user retention of any e-commerce or SaaS company. To quickly obtain these benefits without thinking of complex integration or cross-device issues, take a look at Corbado's passkey-first authentication solution. Integrate within minutes and transition your users smartly into the passkey era. Trust me, your users will love it (and your conversion rate will prove it).

Start your passkey journey for free today!