© All rights reserved.
nok nok nok nok
  • Solutions
    • Passwordless Authentication
    • Passkeys
    • Secure Payments
    • Compliance
    • Professional Services
  • Industries
    • Government
    • E-Commerce
    • Financial Services
    • Mobile Network Operators
  • Products
    • Authentication Cloud
    • S3 Suite
    • IoT SDK
  • Resources
    • Demo
    • White Papers
    • Videos
    • Testimonials
  • Company
    • About
    • Team
    • Partners
    • Clients
    • Events
    • News
    • Blog
    • Contact Us
    • Support
nok nok
20 Mar
3 Min read

Passwords are like gum on your shoe…

March 20, 2021 Nok Nok News Industry News 0 comments

We all hate passwords. That’s not a revelation. We all have too many, we can’t keep track of them, they are the top source of breaches, they cost organizations billions and Verizon reminds us every year of this!

So why are they so difficult to get rid of?

For the most part, it’s because up until recently there was nothing better. Passwords – a shared secret – provide a common way to authenticate across any device. But it’s a single factor that is easily compromised and no longer practical in our digital world where we have to remember, on average, 90 of them. To get around the inherent security weaknesses and user experience issues, companies have invested in risk signals, OTPs, session cookies and other add-on strategies. But at the end of the day, there is still an underlying password that can be compromised, and causes user friction.

The good news is that over the last 5 years, the fabric of identity and authentication has been undergoing a wholesale upgrade from username and passwords to cryptographic keys – aka FIDO. What that means is that you can replace 2 weak factors (for example passwords and OTPs) that are both vulnerable to phishing attacks (and both add friction!) with a strong multi-factor approach that is more convenient and more secure at the same time. Those factors are 1) the device that people already have (their phones, their PCs, their tablets) that are now cryptographically bound and 2) the user verification performed by the device (e.g. fingerprint sensor, facial recognition, PIN).

The FIDO protocols make it possible to replace passwords with strong multi-factor authentication that is very user friendly – a swipe of a finger, a look into your phone’s camera, typing your Windows Hello PIN, etc. Most users prefer these alternatives – Apple made them popular when they introduced TouchID. Most companies have implemented biometrics in their mobile apps to alleviate some of the password friction. Very often, however, the password is simply cached so that approach provides no improvement to security. And, when the user authenticates to the web version of an application either on their phone or PC, they’re back to… you guessed it… the annoying password.

Up until last year, one of the excuses for sticking with passwords was that Apple wasn’t on board yet with FIDO – so the puzzle was incomplete. That’s no longer the case as Safari now supports FIDO – joining Microsoft, Google, and Firefox Mozilla in the quest to eliminate passwords. Now that FIDO adoption across the ecosystem makes it practical to extend the “TouchID” concept to any device and channel, we can finally scrape off the gum. Can’t we? The challenge is that while it seems like a no-brainer – easier, more secure — it’s a change. Digital transformation requires cross functional support. Each stakeholder must understand the value to their organization, and why it makes sense to take a strategic, new approach versus more tactical add-ons. The organization must also have a clear roadmap for moving from the legacy approaches to the new paradigm — what I call “transition vision”.

Stay tuned for my next blogs where I’ll discuss aligning internal stakeholders on the many business benefits, the value of a strategic approach, as well as best practices for embarking on your journey to passwordless.

Read more
04 Mar
4 Min read

Why Intuit picked FIDO

March 4, 2021 Nok Nok News FIDO Alliance, Financial Services 0 comments

One of the long-time FIDO supporters gave testimony to its biggest benefits at the recent Authentication 2020 conference. The speaker was Marcio Mello, who is the head of Product for Intuit’s identity and profile platform. The benefits are saving money and time when users have to login to their SaaS financial offerings from Intuit.

Intuit was interested in FIDO for many years, and at the beginning of 2020 rolled out a FIDO application for iOS users of TurboTax, its tax preparation package. Now, if you are like me and if you use some form of this software, your goal is to spend as little time as possible using it. When you are done with your taxes and file them with the IRS, you hope this is the last time you will ever see this software until next year. Well, that works against usability in a big way, because most of us don’t remember our account passwords. Mello reminded his audience of this fact: “We have yearly active TurboTax users,” he said during his presentation. “Our users don’t come back anytime soon, so often they don’t remember their account sign-in information and then have to hassle with recovering their accounts.”

This is a perfect use case for FIDO, and Intuit created a new process so they wouldn’t have any passwords to remember. Their goal was to require as few clicks as possible to sign in. “We didn’t want to remain the identity police because we had a poor user experience,” he said. “With the old pre-FIDO ways, users had a lot of data entry to key in. The faster we can get them into our app, the better for everyone. This is because we are all in this together for a passwordless journey. And it is a long-term journey, because it isn’t just offering a quick fix.”

Intuit evaluated various FIDO vendors and picked NokNok’s S3 Authentication Suite. As part of their evaluation, they ran various stakeholder education sessions with everyone that would be involved in the rollout. They approached the project by first building the user interface for sign on and account management, then did a phased launch with the iOS version of TurboTax. Their goal was to get rid of OTP SMS for sign ins. Here is a diagram from Mello’s talk that outlines how they intended to evolve their user interface and authentication policies. 

https://www.noknok.com/wp-content/uploads/2021/03/Intuit-Priorities.jpg

He mentioned during his presentation that FIDO offered many benefits:

  • The ability to future-proof identity standards that are also scalable and customizable.
  •  An opportunity to lower our operational costs.
  • Improve both security and privacy by having identity credentials that remain on your mobile phone. 
  • Adding friction at the appropriate times when users are doing something riskier on their accounts. 

That last point is an important one, because it is a sign of assurance and mutual trust. Before FIDO, there was friction all over the place, which promoted just the opposite intention. They intended to use a combination of visible and invisible signals for fraud detection such as user behavior as part of the authentication process, which is the last line on the chart above.

So what happened? Their results were impressive. They found that since the beginning of the rollout in January 2020, there was a 99% reduction in users having to recover their authentication details and a corresponding big reduction in support costs and phone calls. There was also a 20% improvement in successful sign-ins, when previously moving the needle 1% had proven to be very difficult.  There was a 60% reduction in the time it takes to onboard new users through account creation on the iOS app. They quickly got 2/3rd of mobile app sign-ins via FIDO  and 23% of their users are now totally passwordless. “It is only a matter of time before all of our users will activate FIDO biometrics on their devices,” said Mello. As part of the FIDO project, they have extended FIDO authentication to other Intuit apps. “One of the advantages of FIDO is that we can customize how the initial authentication dialogs are presented for each of our applications. It isn’t a one-size-fits-all anymore around here.” They are also working on extending FIDO authentication in their  browser applications leveraging Nok Nok’s ability to support passwordless authentication across any touchpoint – mobile app, mobile web, pc web and even SmartWatches.

Read more

Contact Us

Nok Nok, Inc.
2890 Zanker Rd #203
San Jose, CA 95134

(650) 433-1300

[email protected]

Get Google Maps Directions
footer-logo
fido

Latest Posts

  • Missing the Forest for the Trees
  • Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity
  • Top 6 Considerations to Build vs. Buy FIDO-based Passkeys
  • Authenticate 2023: The Tipping Point for Passkeys and Passwordless Authentication

Navigation

  • Subscribe
  • Resources
  • Careers
  • Support

Nok Nok Labs, Nok Nok, and NNL are all trademarks of Nok Nok Labs, Inc. © 2023 Nok Nok Labs, Inc.
FIDO is a trademark of the Fast IDentity Online, (FIDO), Alliance. All rights reserved.
Terms Of Use and Privacy Policy

About Us

Founded in Silicon Valey in 2011, Nok Nok is the trusted leader in frictionless, passwordless consumer authentication for the world’s largest organizations.

Recent posts

Missing the Forest for the Trees

Missing the Forest for the Trees

17 November 2023
0
120
New technologies, especially those that are transformational, get scrutinized – that’s normal.  The...
Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

10 November 2023
0
299
In the world of cybersecurity, the federal government sets some of the most...
Demo
Free Trial
Videos
Contact Us
Support

Contact Us: (650) 433-1300 • [email protected]

MUFG-800×600

“Transactions using mobile devices are rapidly spreading and it is essential to support both usability and security. By combining Hitachi’s abundant system development capabilities and know-how in the financial system and security related fields, and Nok Nok’s globally deployed and proven FIDO certified products, we achieved this compatibility, which led to this adoption.”

– Mr. Nobuo Nagaarashi, General Manager, Financial Information Systems 1st Division, Hitachi, Ltd.

 

The M in MUFG stands for Mitsubishi, which is a combination of the words mitsu and hishi. Mitsu means three. Hishi means water chestnut, and the word denotes a rhombus or diamond shape.  In partnership with Hitachi, MUFG has enabled passwordless authentication solutions across many of the bank’s apps and services.

Coverage In The Paypers
Coverage In Finextra
intuit

“As an early adopter of FIDO, we’ve seen significant business benefits and are completely on board with continuing to leverage the latest FIDO innovations with our partner, Nok Nok.”

– Rakan Khalid, Group Product Manager, Identity.

 

Intuit has delivered passwordless authentication across mobile applications and devices using Nok Nok’s S3 Suite. The results have reduced customer friction in their Intuit application experience.

Read The Nok Nok Intuit Case Study
Watch the FIDO Alliance Webinar: The Right Mix
Watch Marcio Mello discuss Intuit’s Nok Nok implementation at Identiverse 2019:
docomo-800×600

“DOCOMO is a worldwide innovator in providing its millions of customers with simple and strong authentication backed by a standards-based approach.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

As one of Nok Nok’s earliest customers, NTT DOCOMO became the first carrier to offer a billing system that is enabled by FIDO, the first to offer a federated Identity system integrated FIDO, and was the first to offer a mobile device that authenticates via the iris biometric modality.

Coverage In Find Biometrics
Coverage In Telecompaper
bbva-800×600-2

“Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience. Due to the FIDO standard, we are confident that both elements work together seamlessly to provide customers with the highest security standards, along with a transparent and agile user experience.”

– Juan Francisco Losa, Global Technology & Information Security Officer.

Nok Nok partnered with banking leader, BBVA to improve the security and user experience of the bank’s mobile banking services through state-of-the-art biometric capabilities.

Coverage In American Banker
Coverage In Planet Biometrics
Softbank-800×600-1

“We can no longer rely on passwords for our financial or other sensitive transactions as they are weak, forgotten and easily hacked. We are very pleased with SoftBank’s decision to choose our standards-based authentication platform for their millions of customers.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

Millions of SoftBank’s mobile subscribers now have the ability to use biometrics for authentication through the mobile application “My SoftBank Plus”. With this implementation, SoftBank’s mobile users access data with the My SoftBank service using biometrics for a frictionless, simple and fast authentication experience.

Coverage In Mobile ID World
Coverage In Planet Biometrics
Coverage In The Paypers
Aflac-Japan-800×600-1

“Aflac is the first Japanese insurance provider to deploy a FIDO-certified solution, and we would like to continue collaborating with Nok Nok Labs to introduce it to banks, insurance industry and other industries.”

– Michihiko Ejiri, VP, Head of Portal Service Division, Service Technology Unit, Fujitsu Limited.

With the Nok Nok S3 Suite, Fujitsu has provided Aflac customers with strong authentication to their mobile claims payment application using any biometrics on their iOS and Android devices. The solution also provides Aflac and their customers with a scalable method to authenticate users that is interoperable with their existing security environments and reduces or eliminates the reliance on usernames and passwords.

Coverage In Find Biometrics
Coverage In Find Authority
lichtenstein-800×600-1

“For our customers, we only use the most secure products on the market that meet their requirements. Nok Nok perfectly aligns within our product portfolio and we are proud of the very trusted partnership.”

– Lukas Praml, CEO of YOUNIQX.

 

YOUNIQX Identity AG, the award-winning subsidiary of the Austrian State Printing House (OeSD) and Nok Nok partnered to deliver a electronic identity system (eID) for the citizens of the country of Liechtenstein.  This deployment represents the first time that Nok Nok’s FIDO platform has been used to deliver an eID.

FUN FACT
As of 2009 Liechtenstein’s per capita income was $139,100, the highest of any country in the world.

Learn How FIDO Supports EIDAS Regulation
Coverage In Mobile ID World
Coverage In The Paypers
Coverage In Biometric Update
Gallagher-800×600-1

“Nok Nok’s state-of-the-art, standards-based platform will deliver a tremendous user experience,”

– Steve Bell, Chief Technology Officer at Gallagher

When a horse called Joe took too much of a liking to using a car as a scratching post, owner Bill Gallagher Sr. devised a cunning electrical circuit that delivered a shock whenever the horse rocked the vehicle, and in doing so created a company.  Today, with passwordless authentication from Nok Nok, Gallagher is leading the IoT industry with innovative solutions that work in your office and in the outback.

Coverage In Biometric Update
Coverage In Mobile ID World
Coverage In Planet Biometrics
tmobile-800×600-1

“Our Forgot Password flows were running at about 65%. After we rolled out FIDO by Nok Nok, our forgot passwords dropped to 7%.”

Michael Engan, T-Mobile

 

Using the Nok Nok S3 Suite, T-Mobile has become a leader in carrier adoption of passwordless authentication. Their solutions have reduced forgotten passwords and dramatically improved customer satisfaction.

Watch Michael Engan from T-Mobile talk about their implementation of Nok Nok’s S3 Authentication Suite at Identiverse 2019.

We use cookies on this website to improve functionality and performance, analyze traffic to the website, and enable social media features.  To learn more, please see Cookies in the Privacy Policy. Please click ACCEPT to agree to these terms.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

3rd Party Cookies

This website uses Google Analytics and other services to collect anonymous information such as the number of visitors to the website and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Additional Cookies

This website uses the following additional cookies:

(List the cookies that you are using on the website here.)

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

More information about our Cookie Policy

  • 日本語