Billions of dollars are spent on legacy perimeter-based security annually, yet data breaches and theft continue to accelerate. These security risks are among the threats that institutions, especially those dealing with finance, need to address. Not only will solutions protect the organization itself, but they will also ensure the trust and safety of consumers – a top five 2022 priority among VP, C-suite and other enterprise executives.
Going Password Free
For many years, we have relied on passwords and knowledge-based access (KBA) to verify user identity before granting system access. While the addition of MFA has helped protect users against many types of attacks, criminals' attack strategies have evolved to find additional ways to take over accounts and conduct data breaches and identity theft.
Modern, phishing-resistant authentication (also referred to as “passwordless authentication”) is now a leading priority to improve security. Generally, it involves a consumer-centric approach to verify user identity without the need to capture, store and transmit passwords, personal secrets and other sensitive user data. This modern authentication approach involves cryptographic keypairs combined with one-time passwords (OTPs) and device-level biometrics that verify users on devices requesting access to digital services, in a way that dramatically decreases user friction related to account setup and sign-in.
Both the institution and its users experience the advantages of going password-free. Because it offers dramatically reduced user friction with defense-grade security, both the user experience and enterprise performance improve significantly. Enterprises implementing modern, phishing-resistant identity and authentication report authentication success rates of 99.5%, speed improvements in account signup and authentication of 50% or more and decreases in CSR calls and password resets of 60% or more. Both users and enterprises report dramatically improved consumer satisfaction in high-value operating environments and payment transactions.
Nok Nok and Passwordless Authentication
Joining multiple members of the financial technology industry, Nok Nok participated in the recently conducted Authenticate 2021. Aside from being a participant, Nok Nok also served as a presenter.
During the presentation, attendees saw some examples of real-world applications of password-free authentication. These are all based on Nok Nok’s customers’ experience.
- Intuit TurboTax®: The partnership between Intuit and Nok Nok has addressed the former’s problem with a high level of friction during the creation of a new account. By leveraging the mobile App for passwordless Sign-Up, the company has seen a 10% increase in Sign-Up conversions. The Sign-Up time has also shown a 50% reduction.
- T-Mobile: Forgotten passwords and account PINs are among the problems many users experience. By incorporating FIDO-based biometrics and out-of-band push authentication, there has been at least a 65% reduction in account recovery requests within three months.
- Fintech: Among the common problems causing friction in the user experience are complex login requirements, such as the use of passwords and SMS OTPs. With platform authenticators enhanced through FIDO passwordless authentication during web Sign-In, the Sign-In speed increased by 8x. Additionally, there was a 40% increase in users during the first month.
- Major Bank: Financial institutions are also increasingly targeted by cyberattacks, especially for fraudulent activities. The use of modern FIDO biometrics and application PINs for secure access via a mobile app has helped reduce fraud incidents. The app's user review rating has also improved. Since one-time password resets were dramatically reduced, OPEX costs were reduced as well, owing to decreased SMS OTP use.
- TEPCO Power Grid: Ensuring security is a must for the power grid. However, encouraging the use of complex passwords that are deemed “secure” slows down maintenance workers. To address this problem, Nok Nok and TEPCO leveraged modern web browser and device biometric authentication. Not only did this approach offer safe Sign-In experiences, but it also increased the speed and simplicity of account registration, account creation and sign-in.