TMW #082 | Passwords, platforms and protocols

May 15, 2022

Welcome to The Martech Weekly, where every week I review some of the most interesting ideas, research, and latest news. I look to where the industry is going and what you should be paying attention to.

👋 Get TMW every Sunday

TMW is the fastest and easiest way to stay ahead of the Martech industry.  Sign up to get the full version delivered every Sunday for this and every TMW, along with an invite to the TMW community. Learn more here.


Here’s the week in Martech:

  • Passwords, platforms, and protocols. What does a passwordless future mean for Martech?
  • What is ResTech? Technologies that enable insight
  • The death of Terra UST. How one crypto project lost $39 billion overnight
  • Everything else: Google’s ad center, the four myths of bundling, the contextual comeback, Gucci x NFTs, the Disney of the Metaverse, real marketing definitions, and swapping sandwiches for tacos

✍ Commentary

Passwords, platforms, and protocols. I just upgraded my password manager. They now charge me $3 a month for the privilege of being able to access my passwords from my phone and laptop. Annoying. This, in my opinion, is one of the largest problems in Martech and the broader technology landscape – what do we do with passwords? Customer identity hinges on the password, it’s the lifeblood of first-party data and the way in which so much of digital experience is mediated. But it’s also a single point of security failure, costing companies millions every year.

There’s one organization that’s been working on the problem of passwords. Fast ID Online (FIDO), a global alliance that has been working on the future of passwords for more than a decade, has reached a significant turning point recently. It’s a milestone that leads to a passwordless future and a deeper entrenchment of the big tech platforms.

Last week it was announced that Apple, Microsoft, and Google, the technology giants that manufacture the majority of our devices and control so much of internet infrastructure, will be joining the FIDO alliance to roll out passwordless and interoperable solutions across the three companies. This will allow possibilities like logging into a website on your chrome browser while using your Windows laptop and signing in using Face ID with your iPhone.

This is significant for two reasons; it’s a rare instance where these global platforms want to work together, and it’s one of the most important transitions from platform to protocol.  A comment on a recent TechCrunch article says it well “it’s like watching the wall go up around the Vatican.”

For years FIDO has been working across the technology landscape to build a passwordless future for consumers. The majority of the organization’s work has been to provide a free and accessible public key that is used within the device and operates on biometrics and cryptography.

The concept focuses on the idea that people shouldn’t have to risk their personal information getting hacked or abused by trusting the now millions of companies that collect and manage passwords. In 2021 FIDO reached more than 4 billion supported devices, with 150 million people using passwordless methods to access internet services each month and across platforms. FIDO is massive and is building the future of the password (or lack of).

The core mission of FIDO is that passwordless ways to log in will be far superior. The argument is that the way people log into websites and applications today has, and will always be significantly flawed. Passwords are a terrible customer experience because people must either remember, save, or go through the friction of resetting them.

Moreso, passwords are easily hacked, leading to billions of dollars lost in fraud, cybercrime, and the sheer spending on cyber security to avert catastrophe. In fact, according to MobileIron research, 42% of organizations in 2020 were breached because of a password compromise, with IBM reporting an average cost of more than $3.8 million per data breach. Passwords are one of the weakest links of the internet with the costs to manage them only getting higher.

Google, Microsoft and Apple are committing to the alliance and are promising to start implementing changes this year, including introducing passwordless technology between platforms.

This marks the biggest change so far in the history of FIDO. There’s a sizable chunk of the world’s population running through either the software or hardware controlled by these three companies which means that like every other form of innovation, there will be a trade off between improving the customer experience and ceding more control to already powerful platforms.  

If you control the password, you also by and large control the customer identity. This is an existential problem for many brands now relying more than ever on first party data to power sales, advertising, and marketing. With third party cookies on their way out, marketers have had to switch to collecting more first party data to enable advertising.

In the same way that publishers and big tech platforms have historically obfuscated the details of customer data in the third-party environment, the FIDO Alliance may also direct the same kinds of impacts to first-party data.

If these platforms create the kinds of interoperable technology that do away with passwords altogether, then identity is tied to devices which raises the question of whether email addresses will even be needed in this passwordless future. No email address significantly impacts how brands can meet customers' needs and stay in contact.

We’re already seeing this kind of identity takeover happening. Apple’s hide my email feature is already in full swing, by providing the ability to use a fake email address that forwards to your real one, customers don’t have to give up their identity to access services and apps. Google is offering virtual credit card numbers to better financially protect sensitive financial information. Microsoft already offers biometric scanning for login and is already moving toward passwordless sign-in with their own apps. The alliance between the three has been brewing under the surface for years as innovation slowly encroaches on the capture and management of customer identity.

The recent history of the password has been a land grab for control and platform dominance. For the customer, it doesn’t really matter all that much if these platforms gain more access and control over how they manage their online identity because they are already so integrated with almost every online interaction. Customers don’t mind ceding control over how their identity is managed online. It’s a strong value proposition of having a trusted company protect your identity. In other words, it’s safer inside the walls of the Vatican than out.

The shift here is what I call the transition from a platform to protocol. A protocol is an open-source, free and interoperable way to communicate online. Email is a protocol, RSS is a protocol, HTTPS is a protocol. These are the systems that power the internet for everyone and are owned by no one. As the web has grown there hasn’t been an open protocol for authentication, mostly because when the internet was just starting out the concept of having to log into every second website was very foreign.

Email addresses and much later phone numbers became proxies for authentication and identity but the actual password has not. This opens all kinds of interesting questions in the context of the alliance between the three big tech players. If the ability to log in without a password really is interoperable across these platforms, then the platforms are better able to lock people deeper into their ecosystems.

It’s very hard to leave a platform completely if you can't easily move your logins to somewhere else. Salesforce learned this lesson very early on; a CRM is a very sticky product because moving to a new one is very painful.

The challenge is how platforms will eventually restrict the ability of brands to collect and manage their own data on their customers. Reliance on the big technology platforms is already at an all-time high. It’s likely that if a company like Apple is able to control authentication, what makes us think that the same company could also control all the data collected in a logged-in environment? Brands may not even be able to contact a user without wiring the message through one of the many walled gardens.

This will transition technology platforms into de facto protocols in a significant way, and in quick succession make obsolete the thriving ecosystem of authentication applications that have sprung up around the problem of the password.

Spending on cyber security is set to exceed more than $1 trillion by 2025 and continues to grow significantly as both companies and consumers solve the problem of managing many hundreds of passwords securely and without duplication. It’s a huge problem that has minted many unicorns.

Companies like Okta, Duo, and Lastpass have grown by offering secure password authentication and identity management, particularly for enterprise businesses. According to Okta, Companies are now managing access to more than 80 apps on average in a growing SaaS ecosystem to support everything from operations to sales to customer service continues to grow.

Because of this, Okta has become a password powerhouse, reaching more than $1.3 billion in revenue in 2021 and growing 53% year on year. But it also suffered a major hack of its customer’s data in January, impacting 2.5% of customers, and their credentials. Even the biggest companies in this space have not figured out a solution to the password problem.

It’s hard to imagine a future without having to use passwords for everything, actually, it’s almost impossible. But make no mistake, passwords will soon become obsolete, and if Microsoft, Apple, and Google get their way, it will cement these platforms as enduring protocols, evaporating consumer choice and limiting competition. Links: PRESS RELEASE. REPORTING. FIDO OVERVIEW. GOOGLE.APPLE. OKTA. STATS

📈Chart Of The Week  

What is ResTech? It’s short for “research technology” and it’s a growing category of technologies that enable market and customer insights across a variety of industries. Link

📰 Latest Developments

The death of Terra (UST). One of the largest crashes of a cryptocurrency in the history of the internet happened this week. Terra UST is a stable coin that uses algorithms (not actual dollars) to keep it pegged to $1. There’s also a token called Luna that is directly connected with the Terra ecosystem. Terra unpegged after a series of big trades on the network, which triggered a 98% drop in market cap for Luna, from $40 billion to just $500 million in the space of 24 hours. With many people losing their life savings almost instantly, and another big DeFi project now dead, marketers need to be asking a question – is involvement with Web3 worth the brand risk? Links: NEWS, ANALYSIS: A, B, C. D. P.S this story pairs well with TMW #081 – Web3 and the belief economy.

AdTech’s golden days. Trade Desk, one of the largest players in the AdTech ecosystem, saw a 43% increase in revenues in Q1. This follows a strong increase in online ad spending across the APAC, UK, and US markets over 2021. Despite growing concerns about a cookie-less future, it’s still early in advertising technology. Link

Google’s Ad center. The company has announced a new way for customers to manage what ads they see on Google services. The proposed controls are very broad, with the ability for customers to self-select into categories or switch on or off ads from their favorite brands. This is partly a way to get zero party data on targeting preferences, and a wild experiment on the hypothesis that anyone will care, let alone use this feature. Link

📚 Reading

More on DALL E 2. Hal Crawford’s analysis on the latest generation of natural language processing AIs and how they will change the content economy. Link

The four myths of bundling. There’s only two ways to make money on the internet – bundling and unbundling. Link

The development of retail media. The idea of “retail media” is an especially 2022 concept as cookies deprecate and privacy becomes more important to marketers. But how are retailers and marketers capturing value from running ads on ecommerce networks? Link

🔢 Data & Insights

The contextual comeback. New Nielsen research suggests that contextual advertising is more engaging to consumers than targeted ads. Some of this has to do with the creative effort invested into contextual, fewer variations in targeting mean stronger messages. Link

AdProfs survey on opportunities in Adtech. TV still seems like a big opportunity. Link

PeerSignal. A database tracking the marketing and sales strategies of leading SaaS businesses. Goldmine. Link

💡 Ideas

Gucci x NFTs. Despite the tanking crypto market, luxury brands continue to embrace Web3 concepts such as NFTs. Reminder that luxury brands are very good at getting people to spend a lot of money on things with little to no real-world value. Link

The four modes of revenue development. An interesting perspective of balancing the context and mode of the customer. Link

The Disney of the Metaverse? A company called Superplastic has spent five years building a sprawling universe of characters and complex storylines for the digital world. If the Metaverse will be about anything, it will be about content. Link

✨ Weird and Wonderful

Real marketing definitions. A helpful cheat sheet. Link

The Olympus awards. Fascinating images of very zoomed-in things. Link

Swap your sandwich for a taco. An interesting brand experiment. Link


Stay Curious,

Make sense of marketing technology.

Sign up now to get TMW delivered to your inbox every Sunday evening plus an invite to the slack community.


Want to share something interesting or be featured in The Martech Weekly? Drop me a line at juan@themartechweekly.com.

Juan Mendoza

Marketing technology strategist at The Lumery, I analyse marketing, data, and technology trends for some of the most well-known Australian and global brands.

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.