The coronavirus pandemic accelerated the growth of digital financial services, which challenged banks and financial technology firms to provide a secure authentication method to identify their customers. Banks can no longer rely on passwords as the first line of defense against unauthorized access, since they are an outdated authentication method.
Passwords can effectively keep unauthorized persons out of an online account if customers use a different strong password for each account. However, most people use simple passwords and reuse them across multiple accounts, allowing cyber thieves to access a bank account after a successful phishing attack or data breach. Once a fraudulent individual knows another user’s login details, the password is no longer effective for identity verification.
Banks have started going passwordless to mitigate the risk of passwords compromising their customers’ bank accounts. The shift towards passwordless authentication is part of the banks’ due diligence to comply with regulations, including Anti-Money Laundering, Know-Your-Customer, and the Payment Services Directive 2.
Passwordless logins will improve a bank’s defenses by providing customers with a seamless way to access their accounts. Banks can implement these logins using FIDO2 authentication, which leverages a robust combination of authentication credentials, like inherence factors and possession factors used alongside knowledge factors.
FIDO2 cryptographic login details harness commonly used iOS and Android mobile devices with facial and fingerprint recognition support to give customers a simpler authentication experience. Access to the account is limited to a device registered to the customer and requires a secondary facial or fingerprint biometric to unlock the FIDO cryptographic keys.
Continuing to use passwords can compromise data security, primarily because customers reuse their social media passwords for their bank accounts. Passwordless logins can eliminate the risk of thieves gaining access to other people’s bank accounts after a phishing attack. For more information, see this infographic by authID.