on a smartphone, synced passkeys ensure a consistent and frictionless user experience.

Device-bound passkeys are tied to specific hardware, such as a smartphone or a USB security key. By leveraging the unique characteristics of each device, these passkeys boost security by adding another layer of protection against account compromise. This type of passkey also reduces the reliance on centralised servers, mitigating the risk of data breaches and server-side attacks. Last but not least, they fully comply with regulations such as PSD2.

While synced passkeys are a good alternative to passwords for moderate assurance use cases such as login to web resources, banks should also enable device-bound passkeys for high assurance use cases requiring strong customer authentication (SCA) or multi-factor authentication (MFA), such as customers operating a final transaction or employees or business partners accessing sensitive digital resources of the organisation. A good benchmark for banks in the USA is the PSD2 regulation in Europe. Synced passkeys, while great for user experience, cannot fully match the stringent SCA requirements.

To ensure a smooth and secure transition to new methods of authentication, financial services companies should adopt Thales’ Passwordless 360° approach, which provides a comprehensive framework for planning and evaluating passwordless implementations. Key steps of the Passwordless 360° approach include user ecosystem mapping, in which internal and external users, including employees, customers, partners and suppliers, are charted. Organisations should evaluate their access levels, transaction types and associated data sensitivity, a process which will expose potential security gaps in current and planned passwordless coverage. Next, the organisation should establish risk-based assurance levels by determining the appropriate authentication strength for each user group. High-risk scenarios necessitate robust MFA, such as using hardware keys in combination with biometrics. For low-risk access, however, streamlining authentication may be more convenient. Finally, overlaying existing passwordless deployments onto the map highlights any remaining vulnerabilities. For example, strong authentication for internal supply chain staff might not address equally sensitive access by external collaborators.

Overall, the Passwordless 360° approach empowers IT leaders to visualise complex passwordless needs, justifying investment to stakeholders and prioritising a phased rollout for maximum impact. By adopting the holistic Passwordless 360° approach, businesses become more resilient against cybercriminals’ evolving tactics. It’s time to move into the future of authentication. With FIDO passkeys, financial institutions can enjoy the unbeatable combination of security, usability and trust they provide.

Haider Iqbal is identity and access management product marketing director at Thales. Discover more about the Passwordless 360° approach at: bit.ly/4gEGjbK

FINANCIAL SERVICES
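The article's recommendation that a bank accept synced passkeys for moderate-assurance logins but insist on device-bound passkeys for SCA-level operations is something a relying party can enforce at authentication time: the WebAuthn authenticator data carries Backup Eligibility (BE) and Backup State (BS) flags, and a credential that is not backup-eligible cannot be synced off the device it was created on. The following is an added example, not code from the article or from Thales, that parses the fixed 37-byte prefix of WebAuthn authenticator data and applies a per-operation assurance policy. The relying-party ID `bank.example`, the helper `make_auth_data` used to construct sample inputs, and the policy function names are assumptions for illustration; signature verification, challenge binding and origin checks still have to be done separately and are not shown here.

```python
import hashlib
import struct
from dataclasses import dataclass

# Bits of the WebAuthn authenticator data "flags" byte (WebAuthn Level 3, section 6.1).
FLAG_UP = 0x01  # User Present
FLAG_UV = 0x04  # User Verified (biometric, PIN, etc.)
FLAG_BE = 0x08  # Backup Eligibility: the credential may be synced to other devices
FLAG_BS = 0x10  # Backup State: the credential is currently backed up / synced
FLAG_AT = 0x40  # Attested credential data is present (registration only)
FLAG_ED = 0x80  # Extension data is present


@dataclass
class AuthData:
    rp_id_hash: bytes
    user_present: bool
    user_verified: bool
    backup_eligible: bool
    backed_up: bool
    sign_count: int

    @property
    def device_bound(self) -> bool:
        # A credential that is not backup-eligible can never leave the
        # authenticator that created it; that is the "device-bound passkey" case.
        return not self.backup_eligible


def parse_authenticator_data(data: bytes) -> AuthData:
    """Parse the fixed-length prefix: rpIdHash (32) | flags (1) | signCount (4, big-endian)."""
    if len(data) < 37:
        raise ValueError("authenticator data too short")
    flags = data[32]
    (sign_count,) = struct.unpack(">I", data[33:37])
    return AuthData(
        rp_id_hash=data[:32],
        user_present=bool(flags & FLAG_UP),
        user_verified=bool(flags & FLAG_UV),
        backup_eligible=bool(flags & FLAG_BE),
        backed_up=bool(flags & FLAG_BS),
        sign_count=sign_count,
    )


def evaluate_assurance(auth: AuthData, expected_rp_id: str, high_assurance: bool) -> tuple[bool, str]:
    """Relying-party policy: every passkey login needs UP+UV and the right RP ID;
    high-assurance operations (SCA, final transaction, sensitive admin access)
    additionally require a device-bound credential."""
    if auth.rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpIdHash does not match the expected relying party"
    if not auth.user_present:
        return False, "user presence not asserted"
    if not auth.user_verified:
        return False, "user verification required for passkey authentication"
    if high_assurance and not auth.device_bound:
        return False, "synced passkey not accepted for a high-assurance operation"
    return True, "accepted"


def make_auth_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed sample authenticator data for testing (assumption: no attested
    credential data or extensions follow the 37-byte prefix)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def demo() -> dict[str, tuple[bool, str]]:
    # Constructed inputs: a synced passkey (BE+BS set, counter 0 as is typical for
    # synced credentials) and a device-bound passkey on a hardware key.
    synced = parse_authenticator_data(make_auth_data("bank.example", FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS, 0))
    bound = parse_authenticator_data(make_auth_data("bank.example", FLAG_UP | FLAG_UV, 42))
    return {
        "synced_login": evaluate_assurance(synced, "bank.example", high_assurance=False),
        "synced_transaction": evaluate_assurance(synced, "bank.example", high_assurance=True),
        "bound_transaction": evaluate_assurance(bound, "bank.example", high_assurance=True),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The BE and BS flags are set by the authenticator and only become trustworthy once the assertion signature over the authenticator data has been verified against the credential's registered public key, so the policy check above belongs after signature verification in a real relying party. Recording `backup_eligible` at registration time also lets the bank map each enrolled credential to an assurance level up front, which is the "risk-based assurance levels" step described above.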