Why insurers are losing customers at the login screen

Insurance companies are spending millions on optimizing the quote process, only to lose potential customers at the login screen. Why? Friction-laden authentication processes are driving customers away before they can even review their coverage options.

In fact, a report from Mc Kinsey found that more than 30% of customers are dissatisfied with insurance companies’ digital channels, and only 20% say that digital channels are their preferred way of interacting with their insurer. In today’s digital-first world, that level of dissatisfaction is untenable; every abandoned login represents lost revenue, damaged trust, and customers turning to competitors that make access seamless.

While this may sound bleak, insurers have a unique opportunity to turn authentication into a powerful driver for business growth while simultaneously strengthening security. Let's examine where authentication is currently falling short, and how, with the right approach, insurers can gain a competitive edge by streamlining their login process.

No one wins with outdated authentication methods

At insurance companies, internal discussions about reducing login friction tend to be dead on arrival for one big reason: security concerns. Insurers are keenly aware that they’re a prime target for cybercriminals. In the past year alone, we’ve seen cyberattacks on Allianz Life, Aflac, Lockton, and the United Health subsidiary, Episource, among others.

It’s understandable that insurers worry switching up their authentication strategy could lead to even more vulnerabilities and potential attacks. But the reality is, insurers’ current authentication protocols aren't just frustrating for customers — they’re also lacking from a security standpoint.

Take the example of using SMS codes for multi-factor authentication or two-factor authentication, which has been an industry standard for years. The fact that this authentication method is a hassle for customers has long been viewed as a necessary trade-off: whatever it takes to keep attackers at bay. But both the FBI and CISA are now advising Americans against using SMS codes given their susceptibility to SIM swapping and general network vulnerabilities.

Put simply, outdated authentication methods such as SMS create unnecessary barriers for customers in addition to security gaps. But this speaks of a larger idea: namely, the fact that passwords themselves are the problem. It’s time to retire these authentication methods in favor of passwordless options that provide stronger security and a better customer experience.

Enter the post-password era

Put yourself in the customer's shoes for a moment. You're trying to select a policy, but instead you're thrown into a password scavenger hunt: forced to track down your phone, enter an SMS code, answer security questions, and ultimately spend more time authenticating than actually selecting your policy.

Insurers can adopt passwordless authentication methods to eliminate those hurdles entirely. Here are two options that are ultra-secure and make login a breeze:

1. Passkeys

Let customers sign in using methods they already use and trust — such as Face ID, Touch ID or a device PIN. This removes the need to juggle passwords or codes. Behind the scenes, passkeys are incredibly secure and phishing resistant. But for the customer, using them feels as easy as unlocking their phone.

2. Magic links

Let customers log in with a single click — no passwords or codes required. These one-time, time-sensitive links don’t just improve security; they also reduce the “credential sprawl” for brokers juggling multiple carrier portals.

Authentication in the age of agentic AI

Passkeys and magic links will become increasingly important as insurers continue to adopt and leverage agentic artificial intelligence. When AI agents — such as copilots or large language model-powered chatbots — are introduced into an insurer's system without proper authorization controls, they can wreak havoc by compromising policyholder privacy, eroding regulatory compliance or even opening the door to fraud.

These agents are essentially just another identity to manage, so these risks can be mitigated by assigning identity credentials to AI agents just as you would for users — and applying authentication methods such as passkeys and magic links accordingly. Insurers need to expand their authentication frameworks to encompass these threats now, while regulatory standards are still taking shape.

Understanding barriers to innovation

It’s clear that streamlined authentication is a must for acquiring and retaining customers, maintaining a competitive edge, and upholding security. So why hasn’t every insurance company already modernized its authentication strategy?

Insurers’ legacy systems are invariably code-heavy, and many worry that changes to their existing authentication systems might harm their core product. Putting aside the fact that the benefits vastly exceed the risks, it's important to note that the situation isn't either/or; insurers that are wary of scrapping legacy systems wholesale can instead augment their implementation by testing old and new tools side by side, potentially supplanting legacy tech over time.

The mindset that authentication is a backend concern — something for IT to worry about —is no longer tenable. Today, easy authentication is a key business differentiator and driver of growth for insurance companies. In a hyper-competitive landscape where user experience can make or break a sale, modern authentication methods such as passkeys and magic links are quickly becoming table stakes. Insurers that realized this now will reap the spoils of the coming passwordless future — the rest will watch their would-be customers walk away.

© Entire contents copyright 2025 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

Rishi Bhargava is co-founder of Descope. Contact him at [email protected].