Technology Record - Issue 35: Winter 2024

VIEWPOINT

The passwordless future of finance

HAIDER IQBAL: THALES

Financial services organisations should be looking to adopt alternative authentication methods to protect their systems and data from cybercriminals

Financial services organisations are among the most common targets of cyberattacks, with threat actors ranging from individual scammers to highly organised cybercriminal groups that attempt to exploit and disrupt the sector. Cybersecurity is therefore a vitally important consideration for financial institutions and their clients to prevent fines and reputational damage, and ensure confidence.

For years, usernames and passwords have been the go-to method for securing our digital identities, and most US banks still rely on this method. However, everyone has moments where they are vulnerable to attacks exploiting their biases, and the challenge with using passwords is that users can quickly get fatigued. Constantly creating and keeping track of the burgeoning number of passwords needed to navigate the myriad systems they interact with daily is a task that leads many users to seek workarounds.

Fortunately, as technology advances, so do the methods available to authenticate users securely. This is why passwordless authentication is growing in popularity among organisations: it eliminates many of the pain points and costs that come with managing passwords in an enterprise-sized organisation.

One increasingly popular method is passkeys, a replacement for passwords. Offering enhanced user experience, security and scalability, passkeys are helping improve authentication and paving the way for a passwordless future.

Passkeys are a more secure and easier option than passwords. With passkeys, users can sign in to applications and websites via biometric credentials such as a fingerprint or facial recognition, a PIN code or a pattern, meaning they no longer have to remember and manage passwords.

The FIDO Alliance is at the vanguard of passkey technology. Fast Identity Online (FIDO) standards, such as FIDO2 and WebAuthn, facilitate secure authentication mechanisms by enabling passwordless logins via biometrics, USB tokens, or mobile devices. By eliminating the need for passwords altogether, FIDO standards mitigate the inherent vulnerabilities that go hand in hand with traditional authentication methods.

While all types of passkeys serve the same purpose – to eliminate passwords – there is some variation in how they can be stored and managed, which affects the way financial services should use them. There are two categories: synced and device-bound.

Synced passkeys are synchronised between user devices via a cloud service, which can be part of a given device’s operating system or third-party software. This allows users access to their credentials seamlessly across multiple devices. Whether logging into a website on a laptop or accessing an application
