CIAM and the Trust Thermocline
I love the concept of the trust thermocline. That link is to a Twitter thread where John Bull explains in detail how easy it is to lose the trust of a community of customers, and therefore their business.
Because of how people treat sunk costs, it is also very difficult to detect the specific action that pushes your community to abandon you. He's talking in particular about digital and analog content publishers:
... too many people see service use as always following an arc. They think that as long as usage is ticking up, they can do what they like to cost and product.
And (critically) that they can just react when the curve flattens
But with a lot of CONTENT products (inc social media) that's not actually how it works. Because it doesn't account for sunk-cost lock-in.
Users and readers will stick to what they know, and use, well beyond the point where they START to lose trust in it. And you won't see that.
But they'll only MOVE when they hit the Trust Thermocline. The point where their lack of trust in the product to meet their needs, and the emotional investment they'd made in it, have finally been outweighed by the physical and emotional effort required to abandon it.
This thread made me think about trust issues in customer identity and access management (CIAM) and how such trust can be lost.
CIAM is similar to digital content, because it's a gateway to a service accessed online. However, CIAM is only the doorway; the content/features/products you offer past that doorway matter far more for retaining your customers.
That said, while CIAM won't help you gain trust, a poor implementation can push your customers toward that trust thermocline. Here are some ways that can happen.
First, if your login page doesn't look like it is from your company, users can get confused or frustrated. They expect consistency from applications; this is why every UX rewrite causes great gnashing of teeth (looking at you, Slack). If the authentication screen doesn't look similar to your application, you're causing additional cognitive load and confusion.
It doesn't have to be identical in look and feel; for example, Google's account login page doesn't look exactly like the Gmail app or Google Maps. But the login screen should be identifiable as yours, with a logo and a similar look and feel. Don't surprise your users, especially with something as fundamental as the app's front door.
Second, make sure the door is open. It is best if your authentication system is available at all times. If your CIAM system must go down to be updated, schedule that during low-usage periods. It is quite frustrating for a customer to expect to access something they have paid for or want to buy and be blocked because they can't log in.
One time I was trying to do some banking early in the morning and the system was down for maintenance so I couldn't log in. I have a deep understanding of the travails of building software and yet I was still annoyed. What do you think a customer who wasn't a software engineer felt?
Another way trust erodes is not respecting consents. Profile and consent management is an optional subset of CIAM, not implemented by all vendors. But if you ask for user consent (as you are often legally bound to) then abide by it. Your consent screens should also be written in plain language. You may have to fight the lawyers on this one.
Finally, avoid password resets not initiated by the user. These often happen during a migration between systems when you don't have access to the password hashes. But guess what? They also happen during a security incident, when passwords may have been compromised or stolen. The former is an annoyance; the latter is a disaster.
Data breaches cause long-term stock market underperformance, which I consider a murky proxy for lost trust.
In the long term, breached companies underperformed the market. After 1 year, share price fell -8.6% on average, and underperformed the NASDAQ by -8.6%. After 2 years, average share price fell -11.3%, and underperformed the NASDAQ by -11.9%.
But a migration that requires an unexpected password reset looks the same to your users. Oh, you think they'll read that email you sent saying this was due to a migration? Hahaha. When did you last closely read an email from a company about your account there?
The best way to avoid this particular trust-busting issue is to ensure, before you migrate to a CIAM system, that you will have access to the password hashes (together with the algorithm, parameters and salts needed to verify them; a bare hash with no metadata is as useless as no hash) if you ever leave. This can mean self-hosting or ensuring up front that the SaaS vendor won't hold your data hostage. Get this in writing.
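Here is what "having the hashes" buys you on the receiving side. This is an added example, not code from the original post or from any CIAM vendor: a small Python login routine that verifies an imported legacy hash under its original scheme and, on a successful login, silently rehashes the password under the new system's scheme. The record format, the algorithm names ("pbkdf2-sha1", "pbkdf2-sha256") and the sample users are assumptions made up for the example; only records whose algorithm the new system can verify avoid a forced reset.

```python
import hashlib
import hmac
import os

# Assumed export record format (an assumption for this example, not any vendor's
# real format): the algorithm name and its parameters travel with the salt and
# the hash. Without that metadata the hash cannot be verified and the user must reset.
CURRENT_ALG = "pbkdf2-sha256"
CURRENT_ITERATIONS = 600_000      # OWASP-recommended work factor for PBKDF2-HMAC-SHA256


class UnsupportedHash(Exception):
    """Raised when the new system has no verifier for a record's scheme."""


def _pbkdf2(hash_name, password, record):
    return hashlib.pbkdf2_hmac(
        hash_name, password.encode("utf-8"), record["salt"],
        record["iterations"], len(record["hash"]))


# One verifier per legacy scheme the new system agrees to accept at login time.
VERIFIERS = {
    "pbkdf2-sha1": lambda pw, rec: _pbkdf2("sha1", pw, rec),
    "pbkdf2-sha256": lambda pw, rec: _pbkdf2("sha256", pw, rec),
}


def hash_password(password, alg=CURRENT_ALG, iterations=CURRENT_ITERATIONS):
    """Create a record under the given scheme (the current one by default)."""
    hash_name = alg.split("-", 1)[1]
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations)
    return {"alg": alg, "iterations": iterations, "salt": salt, "hash": digest}


def verify(record, password):
    """True if the password matches; raises UnsupportedHash if the scheme is unknown."""
    verifier = VERIFIERS.get(record["alg"])
    if verifier is None:
        raise UnsupportedHash(record["alg"])
    return hmac.compare_digest(verifier(password, record), record["hash"])


def needs_rehash(record):
    return record["alg"] != CURRENT_ALG or record["iterations"] < CURRENT_ITERATIONS


def login(store, username, password):
    """Authenticate and lazily upgrade the stored hash. Returns (status, migrated)."""
    record = store.get(username)
    if record is None:
        return "no_such_user", False
    try:
        if not verify(record, password):
            return "bad_password", False
    except UnsupportedHash:
        # The only case that forces a user-visible reset: a hash we cannot verify.
        return "reset_required", False
    migrated = False
    if needs_rehash(record):
        # The plaintext is in hand only now, so this is the one chance to rehash.
        store[username] = hash_password(password)
        migrated = True
    return "ok", migrated


def migration_report(store):
    """How many users migrate silently on next login vs. must be forced to reset."""
    lazy = sum(1 for r in store.values() if r["alg"] in VERIFIERS)
    return {"lazy_rehash": lazy, "reset_required": len(store) - lazy}


# Constructed sample data standing in for a legacy export (not real user data).
SAMPLE_PASSWORDS = {"alice": "correct horse battery staple", "bob": "hunter2"}


def build_sample_store():
    store = {name: hash_password(pw, alg="pbkdf2-sha1", iterations=10_000)
             for name, pw in SAMPLE_PASSWORDS.items()}
    # A vendor that exported an opaque blob with no usable algorithm metadata.
    store["carol"] = {"alg": "opaque-vendor-format", "iterations": 0,
                      "salt": b"", "hash": b"\x00" * 32}
    return store


if __name__ == "__main__":
    store = build_sample_store()
    print(migration_report(store))
    print(login(store, "alice", SAMPLE_PASSWORDS["alice"]))   # ("ok", True)
    print(login(store, "alice", SAMPLE_PASSWORDS["alice"]))   # ("ok", False)
    print(login(store, "carol", "anything"))                  # ("reset_required", False)
```

Two things to check before signing a contract: the export must include the algorithm name and its parameters for every record, and the new system must actually implement a verifier for each legacy scheme. Hashes cannot be converted offline because the plaintext is never available; the user's next successful login is the only moment the password can be rehashed, which is why users who never log in again keep their legacy hash until you eventually retire that scheme.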
CIAM is undifferentiated, behind-the-scenes technology, yet critical. When is the last time you heard someone say "I love love love the login screen of <app X>"?
It's plumbing, and no one notices plumbing until it doesn't work. At that point, it can only negatively affect your users’ trust in you and your company. Avoid that thermocline!
Dan