What do FIDO passkeys mean for financial institutions?

Last updated: 08 March 2023

In a previous blog series, my colleague Pedro Martinez took you through the evolution of digital banking authentication, and the path ahead – consisting of passkeys.

Passkeys are a new standardised authentication framework designed to get rid of passwords for good – this is great news for all of us, since passwords come with a lot of issues. We all have too many passwords to keep track of – in fact, the average user has more than 100 – meaning we tend to use passwords that are simple and reused across different accounts, yet we still forget them. It’s no wonder that up to 50% of all helpdesk calls are for password resets, according to Gartner.

33% of customers are victims of a data breach

Password phishing, where a user is socially engineered into revealing their password to a fraudster, is behind most account takeover attacks – but it doesn’t stop there. There is also a constant flood of data breaches, where stolen user credentials are sold on the dark web, making passwords very vulnerable. I dare you to check the password manager on your phone or laptop: I guarantee you will have multiple security recommendations or warnings about your passwords appearing in a data leak. In fact, our Digital Trust Index found that one in three consumers globally have already become victims of a data breach – so the odds are pretty high.

In short, passwords cost a lot.


FIDO Alliance to the rescue

The passkey icon is a trademark of FIDO Alliance, Inc.

FIDO (Fast Identity Online) Alliance is a cross-industry coalition that was created in 2013 with one clear objective – to put an end to passwords for good. They managed to gather many influential companies across the globe to develop open, interoperable authentication standards and implement the technology in their respective products. Most notably, they were able to on-board Apple, Google and Microsoft to endorse passkeys. This was a big step forward as it means the technology is available on the smartphones, computers and tablets we use daily, across all operating systems. They even agreed on a joint icon so end users can clearly recognise passkeys across platforms.

Public promotion started in 2022, and we are now starting to see passkeys being implemented for digital services across industries, with some trailblazers being PayPal, Best Buy, eBay, Boursorama Banque and Kayak – and the list continues to grow on a daily basis.

Passkeys have been defined with the user experience in focus, and for sure they will make daily life easier for all of us – it is inevitable that they will replace passwords in time.

Will passkeys work for all industries ‘out of the box’?

Although passkeys are undoubtedly more secure than traditional passwords, certain industries may need to raise the security bar to be compliant with regional regulations. This is especially important for financial institutions (FIs), which must rethink the authentication approach to their digital services to take advantage of all the good features passkeys bring.

They also need to identify what additional security measures they can put on top of passkeys to reach the level of security that is required by themselves, and by industry regulations, such as PSD2 in Europe. Replacing passwords with passkeys for basic login is a no-brainer, but using passkeys for strong customer authentication (SCA) may need some adjustments.

Finally, financial institutions must make sure they can make a smooth migration from their current authentication technology to FIDO, with no interruptions for their end users.

The Thales IdCloud platform supports both OATH and FIDO2. We have extensive experience in helping financial institutions to transition from legacy authentication solutions whilst ensuring compliance and achieving the level of security demanded for their services.

In this video, Pedro Martinez shares some insights on FIDO and what the arrival of passkeys will mean for financial institutions.

Passkeys to give access to all digital services

FIDO Authenticate Virtual Summit


If you want to learn more about FIDO and Passkeys, join me at the upcoming virtual conference: “FIDO Authenticate Virtual Summit: Authentication in Financial Services and Commerce” on March 29.

What impact do you think passkeys will have on the financial industry? Share your thoughts in the comments below.
