© All rights reserved.
nok nok nok nok
  • Solutions
    • Passwordless Authentication
    • Passkeys
    • Secure Payments
    • Compliance
    • Professional Services
  • Industries
    • Government
    • E-Commerce
    • Financial Services
    • Mobile Network Operators
  • Products
    • Authentication Cloud
    • S3 Suite
    • IoT SDK
  • Resources
    • Demo
    • White Papers
    • Videos
    • Testimonials
  • Company
    • About
    • Team
    • Partners
    • Clients
    • Events
    • News
    • Blog
    • Contact Us
    • Support
nok nok
28 Feb
3 Min read

Nok Nok Shares The Passwordless Journey: Here’s What You Need To Know

February 28, 2022 Nok Nok News Industry News 0 comments

Passwords have been used for many years to protect data and accounts. Despite being used for security purposes, using passwords is not always the best option. That is especially true when combatting cyber security threats. In fact, passwords can be seen as a weakness.

The Passwordless Authentication Path

Various risks come with the use of passwords. For example, users can forget about them. They are also easily compromised since many reuse passwords across different systems. Passwordless authentication is seen as a better alternative.

As the name suggests, password-free authentication includes the use of alternative authentication methods instead of relying on passwords. Common methods include the use of a secondary device or account for verification and biometric authentication.

Aside from reducing cyber security risks, going passwordless can help make reduce friction so that users will have a smoother experience. On the side of an institution, it helps reduce expenses. At the same time, it can help increase sales or the number of users.

Implementing Password-Free Authentication For Cyber Security

There are different ways of applying passwordless authentication. It is also more complex than one may think. Depending on what a company chooses, it may require having dedicated development resources for a long time.

Fortunately, working with a trusted service provider can help organizations skip some steps. In fact, with the help of a service provider, organizations can easily implement passwordless authentication for their users.

What Nok Nok Has Learned

The passwordless journey does not happen overnight. That is one of the main points Nok Nok has pointed out in its presentation at Authenticate 2021. The reasons for this include existing systems and processes being deeply rooted in security practices. It also takes a lot to develop behavior change, which is something necessary to fully adopt passwordless authentication. Additionally, the passwordless journey is typically included in a larger digital transformation.

Nok Nok also shared some of its experiences in applying password-free authentication in systems from different institutions. Based on the results of these partnerships, Nok Nok is proud to share that all companies have seen success.

Among the most notable statistics include the following:

  • 10% improvement in onboarding success
  • 50% reduction in onboarding time
  • 6% increase in sign in success
  • 78% increase in sign in speed

Going password-free comes with many benefits for both the institution and end-users. However, it is important to ensure proper implementation.

If you want to learn more about safer authentication techniques for better cyber security, contact us at Nok Nok.

Read more
22 Feb
2 Min read

MFA For Cybersecurity Gets Highlighted In Federal Zero Trust Strategy

February 22, 2022 Nok Nok News Industry News 0 comments

Cybersecurity is one of the pressing issues that the United States is facing. Threats affect the government, organizations, institutions, and even individuals.

The Identity Theft Resource Center (ITRC) said there were 1,291 data breaches publicly reported in the U.S. from January to September 2021, affecting about 281 million individuals. In comparison, this total is 17% more than the recorded breaches during the same period in 2020.

Government Efforts: The Federal Zero Trust Strategy

To address this problem, the government looks for ways to improve cybersecurity. On January 26, 2022, the Federal Zero Trust Strategy was released. The Office of Management and Budget (OMB) published the strategy as Memorandum M-22-09. Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.

This move aims to promote a better security approach through government-wide efforts, setting a new baseline in terms of access controls. An important point to highlight is the prioritization of using phishing-resistant multi-factor authentication (MFA). Additionally, there is also a need to consolidate identity systems for improved protection and monitoring.

Understanding the Strategy

At the core of the strategy are two main focuses — the vision and actions on identity.

Generally, staff members of government agencies have to use enterprise-managed identities to get access to applications used for work. Phishing-resistant multi-factor authentication must be in place to protect said personnel against more sophisticated cyberattacks.

Three actions must be taken.

First, the agencies should have centralized management systems for users. 

Second, they should use strong MFA throughout the organization. Specifically, all agency staff members, contractors, and partners have to use phishing-resistant MFA. Meanwhile, public users should be given this option. Furthermore, it should not be required to use special characters for passwords or have regular password rotation.

Third, agencies should consider having at least one device-level signal when giving users authority to access resources. This signal is additional security alongside identity information about the authenticated user.

The FIDO Standard

Through the announcement of the strategy, the federal government also encouraged using FIDO2 standards. Thus, further recognizing the FIDO Alliance’s efforts to promote the use of phishing-resistant multi-factor authentication and reduce people’s over-reliance on passwords.

The FIDO2 is FIDO Alliance’s newest set of specifications. It includes Web Authentication (WebAuthn) specification and Client-to-Authenticator Protocol (CTAP). Learn more about the FIDO2 Project here.

Read more
15 Feb
2 Min read

E-Commerce Channels Get Better Security

February 15, 2022 Nok Nok News Cybersecurity, E-Commerce 0 comments

Security is among the top priorities and concerns of consumers around the world. That is especially true as we welcome more cashless transactions. Fortunately, many organizations have realized the importance of cyber security. For instance, EMVCo partnered with FIDO Alliance and W3C for fraud prevention.

Secure Transactions With Cyber Security

EMVCo, which is the organization that manages and develops EMV Specifications and programs to enable card-based payments, continuously works to ensure secure payment transactions. Addressing the challenges that come with global interoperability, the organization introduced an enhanced EMV 3-D Secure (3DS) Specifications. 

The latest version is called the EMV 3DS 2.3. It aims to improve the customer experience while strengthening the capabilities of acquirers, issuers, and merchants to fight fraud across various e-commerce channels and devices. 

EMV 3DS 2.3 At A Glance

The goal of adopting EMV 3DS 2.3 is to make the overall payment experience of customers better with a streamlined authentication process. At the same time, it offers more flexibility in implementing the EMV 3DS across channels and devices. Thus, helping issuers with the identification of fraudulent transactions.

One of the most important updates of this version focuses on cyber security. In its bid to further its efforts against fraud, EMVCo worked with World Wide Web Consortium (W3C) and FIDO Alliance. The collaboration resulted in the inclusion of Web Authentication (WebAuthn) and Secure Payment Confirmation (SPC) in the EMV 3DS flow. With these, issuers or merchants can better determine if a transaction is legitimate or not.

Here are other things you can expect:

  • Expect easier implementation of EMV 3DS on traditional and non-traditional e-commerce payment channels and/or devices due to the Split-SDK model that has multiple variants.
  • The consumer authentication process is seen to be faster as the updated version supports device binding, wherein the consumers’ devices remember their authentication details. 
  • The automated out-of-band transitions will allow consumers to seamlessly switch from a merchant application to a merchant application and vice versa. 
  • There will be additional data — transaction and EMV Payment Token — to help the issuers better identify transactions. Said data will also help simplify authentication in the future.

You can learn more about EMV 3DS Specifications on the organization’s website. You can also stay updated on new developments in cyber security by subscribing to Nok Nok.

Read more
08 Feb
3 Min read

FIDO Alliance Welcomes The CISA’s Updated MFA Guide: Here’s What You Should Know

February 8, 2022 Nok Nok News Industry News 0 comments

The U.S. Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) recently released its updated multi-factor authentication (MFA) guide. In it, the CISA also flagged FIDO as the gold standard for MFA.

FIDO Alliance, an open industry association that aims to develop and promote authentication standards, welcomes this development. The update is aligned with FIDO’s mission of reducing the over-reliance of the world on passwords. With this and the new Federal Zero Trust Strategy, the U.S. government is seen to send a clear message that the use of FIDO standards is preferred.

Understanding MFA: What It Is

Authentication is one way of ensuring cybersecurity. It is the process of validating a person’s identity and credentials, ensuring that they are who they claim to be. To further strengthen security, multi-factor authentication was introduced. It is also known as two-factor authentication. 

As the name suggests, it includes a combination of authentication methods. For instance, a user wants to access their bank account online or through their bank’s mobile app. They will have to go through MFA, which uses knowledge, possession, or traits.

Having multiple steps makes it harder for hackers to crack, steal, or compromise accounts.

Enabling MFA

The CISA offers a detailed guide — from the planning to the execution phase. Organizations can use this to strengthen their authentication process. 

Its latest update on the MFA guidance, however, emphasized ways of enabling MFA. Among the different forms of authentication that the agency enumerated are text message (SMS), email, authenticator app, and push notification.

Additionally, the CISA mentioned the use of the FIDO key. 

Fast Identity Online (FIDO) refers to a set of standardized authentication protocols that can help ensure cybersecurity while reducing reliance on passwords. It is built into the major browsers and phones. Meanwhile, the FIDO key refers to a portable security key. It is a hardware device to be used as an additional authentication method as part of an MFA. You can think of it as an encrypted version of your house key. 

Using these security measures can help make it more difficult to access information. It is especially needed nowadays as passwords and usernames are often compromised by various attacks like phishing and more sophisticated password cracking techniques.

Furthermore, CISA recommended using multi-factor authentication on email accounts, financial services, social media accounts, online stores, and even on gaming and entertainment streaming services. The agency also encouraged consumers to request companies and organizations to enable MFA for better security. 

Read more
01 Feb
3 Min read

Understanding Different Authentication Methods (And Why SMS Is Not The Best Option)

February 1, 2022 Nok Nok News Industry News 0 comments

As technology advances, so does cyberattacks. Hackers find more sophisticated ways to overcome cybersecurity. To protect data and information systems, organizations use authentication.

What It Is

Generally, authentication refers to the process of recognizing user identity. It is often seen at the start of applications.

Different credentials may be involved. These can be categorized into three. 

The first one is knowledge. The application or system will ask for something the user knows. It can be a PIN or a password.

The second category is possession or something that the user has. It can be an authentication application or SMS-based one-time passcode (OTP).

The third type is traits. This one refers to something that verifies who the user is, such as a face scan or fingerprint. 

Different Authentication Methods

For cybersecurity, the best approach is to have multi-factor authentication or what some may know as two-factor authentication. However, only 2.3% of Twitter active users are using this method as reported in the social media company’s Account Security Report.

Among those who said they take advantage of two-factor authentication, 79.6% use SMS-based OTPs. The problem is that SMS is one of the least secure methods of authentication.

It is important to understand that not all multi-factor authentication systems are the same. Some utilize more secure methods than others. To better understand this, it is necessary to get to know some of the authentication methods often used in two-factor authentication.

  • SMS-based OTPs: Having SMS-based authentication implements multi-factor authentication. However, it is seen as the least effective when it comes to preventing common cyberthreats and attacks, including SIM swap and phishing. It is also not the most convenient method.
  • Authenticator Apps: The user installs an authenticator app, which continuously generates new codes to show proof that the user owns the device tied to their account. While it may be better than SMS, using authentication apps is still open to the risk of getting intercepted through phishing and advanced attacks. 
  • Security Keys: These refer to physical authentication devices. The user will connect to their device through Bluetooth, NFC, or USB. The security key will serve as their proof of identity when trying to access an application or website. To ensure maximum protection, having security keys that are up to FIDO standards is the best option. 
  • Biometrics: Biometrics refers to a trait unique to the authorized user. It can be a face scan or fingerprints. On-device biometrics that follows FIDO standards do not only offer convenience but also have phishing-resistant technology.

To further improve cybersecurity, organizations and service providers must offer simpler but better authentication options. Then, the next step is for them to convince their users and clients to enable two-factor authentication. 

Read more

Contact Us

Nok Nok, Inc.
2890 Zanker Rd #203
San Jose, CA 95134

(650) 433-1300

[email protected]

Get Google Maps Directions
footer-logo
fido

Latest Posts

  • Missing the Forest for the Trees
  • Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity
  • Top 6 Considerations to Build vs. Buy FIDO-based Passkeys
  • Authenticate 2023: The Tipping Point for Passkeys and Passwordless Authentication

Navigation

  • Subscribe
  • Resources
  • Careers
  • Support

Nok Nok Labs, Nok Nok, and NNL are all trademarks of Nok Nok Labs, Inc. © 2023 Nok Nok Labs, Inc.
FIDO is a trademark of the Fast IDentity Online, (FIDO), Alliance. All rights reserved.
Terms Of Use and Privacy Policy

About Us

Founded in Silicon Valey in 2011, Nok Nok is the trusted leader in frictionless, passwordless consumer authentication for the world’s largest organizations.

Recent posts

Missing the Forest for the Trees

Missing the Forest for the Trees

17 November 2023
0
120
New technologies, especially those that are transformational, get scrutinized – that’s normal.  The...
Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

10 November 2023
0
299
In the world of cybersecurity, the federal government sets some of the most...
Demo
Free Trial
Videos
Contact Us
Support

Contact Us: (650) 433-1300 • [email protected]

MUFG-800×600

“Transactions using mobile devices are rapidly spreading and it is essential to support both usability and security. By combining Hitachi’s abundant system development capabilities and know-how in the financial system and security related fields, and Nok Nok’s globally deployed and proven FIDO certified products, we achieved this compatibility, which led to this adoption.”

– Mr. Nobuo Nagaarashi, General Manager, Financial Information Systems 1st Division, Hitachi, Ltd.

 

The M in MUFG stands for Mitsubishi, which is a combination of the words mitsu and hishi. Mitsu means three. Hishi means water chestnut, and the word denotes a rhombus or diamond shape.  In partnership with Hitachi, MUFG has enabled passwordless authentication solutions across many of the bank’s apps and services.

Coverage In The Paypers
Coverage In Finextra
intuit

“As an early adopter of FIDO, we’ve seen significant business benefits and are completely on board with continuing to leverage the latest FIDO innovations with our partner, Nok Nok.”

– Rakan Khalid, Group Product Manager, Identity.

 

Intuit has delivered passwordless authentication across mobile applications and devices using Nok Nok’s S3 Suite. The results have reduced customer friction in their Intuit application experience.

Read The Nok Nok Intuit Case Study
Watch the FIDO Alliance Webinar: The Right Mix
Watch Marcio Mello discuss Intuit’s Nok Nok implementation at Identiverse 2019:
docomo-800×600

“DOCOMO is a worldwide innovator in providing its millions of customers with simple and strong authentication backed by a standards-based approach.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

As one of Nok Nok’s earliest customers, NTT DOCOMO became the first carrier to offer a billing system that is enabled by FIDO, the first to offer a federated Identity system integrated FIDO, and was the first to offer a mobile device that authenticates via the iris biometric modality.

Coverage In Find Biometrics
Coverage In Telecompaper
bbva-800×600-2

“Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience. Due to the FIDO standard, we are confident that both elements work together seamlessly to provide customers with the highest security standards, along with a transparent and agile user experience.”

– Juan Francisco Losa, Global Technology & Information Security Officer.

Nok Nok partnered with banking leader, BBVA to improve the security and user experience of the bank’s mobile banking services through state-of-the-art biometric capabilities.

Coverage In American Banker
Coverage In Planet Biometrics
Softbank-800×600-1

“We can no longer rely on passwords for our financial or other sensitive transactions as they are weak, forgotten and easily hacked. We are very pleased with SoftBank’s decision to choose our standards-based authentication platform for their millions of customers.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

Millions of SoftBank’s mobile subscribers now have the ability to use biometrics for authentication through the mobile application “My SoftBank Plus”. With this implementation, SoftBank’s mobile users access data with the My SoftBank service using biometrics for a frictionless, simple and fast authentication experience.

Coverage In Mobile ID World
Coverage In Planet Biometrics
Coverage In The Paypers
Aflac-Japan-800×600-1

“Aflac is the first Japanese insurance provider to deploy a FIDO-certified solution, and we would like to continue collaborating with Nok Nok Labs to introduce it to banks, insurance industry and other industries.”

– Michihiko Ejiri, VP, Head of Portal Service Division, Service Technology Unit, Fujitsu Limited.

With the Nok Nok S3 Suite, Fujitsu has provided Aflac customers with strong authentication to their mobile claims payment application using any biometrics on their iOS and Android devices. The solution also provides Aflac and their customers with a scalable method to authenticate users that is interoperable with their existing security environments and reduces or eliminates the reliance on usernames and passwords.

Coverage In Find Biometrics
Coverage In Find Authority
lichtenstein-800×600-1

“For our customers, we only use the most secure products on the market that meet their requirements. Nok Nok perfectly aligns within our product portfolio and we are proud of the very trusted partnership.”

– Lukas Praml, CEO of YOUNIQX.

 

YOUNIQX Identity AG, the award-winning subsidiary of the Austrian State Printing House (OeSD) and Nok Nok partnered to deliver a electronic identity system (eID) for the citizens of the country of Liechtenstein.  This deployment represents the first time that Nok Nok’s FIDO platform has been used to deliver an eID.

FUN FACT
As of 2009 Liechtenstein’s per capita income was $139,100, the highest of any country in the world.

Learn How FIDO Supports EIDAS Regulation
Coverage In Mobile ID World
Coverage In The Paypers
Coverage In Biometric Update
Gallagher-800×600-1

“Nok Nok’s state-of-the-art, standards-based platform will deliver a tremendous user experience,”

– Steve Bell, Chief Technology Officer at Gallagher

When a horse called Joe took too much of a liking to using a car as a scratching post, owner Bill Gallagher Sr. devised a cunning electrical circuit that delivered a shock whenever the horse rocked the vehicle, and in doing so created a company.  Today, with passwordless authentication from Nok Nok, Gallagher is leading the IoT industry with innovative solutions that work in your office and in the outback.

Coverage In Biometric Update
Coverage In Mobile ID World
Coverage In Planet Biometrics
tmobile-800×600-1

“Our Forgot Password flows were running at about 65%. After we rolled out FIDO by Nok Nok, our forgot passwords dropped to 7%.”

Michael Engan, T-Mobile

 

Using the Nok Nok S3 Suite, T-Mobile has become a leader in carrier adoption of passwordless authentication. Their solutions have reduced forgotten passwords and dramatically improved customer satisfaction.

Watch Michael Engan from T-Mobile talk about their implementation of Nok Nok’s S3 Authentication Suite at Identiverse 2019.

We use cookies on this website to improve functionality and performance, analyze traffic to the website, and enable social media features.  To learn more, please see Cookies in the Privacy Policy. Please click ACCEPT to agree to these terms.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

3rd Party Cookies

This website uses Google Analytics and other services to collect anonymous information such as the number of visitors to the website and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Additional Cookies

This website uses the following additional cookies:

(List the cookies that you are using on the website here.)

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

More information about our Cookie Policy

  • 日本語