• Solutions
    • Passwordless Authentication
    • Passkeys
    • Secure Payments
    • Compliance
    • Professional Services
  • Industries
    • Government
    • E-Commerce
    • Financial Services
    • Mobile Network Operators
  • Products
    • Authentication Cloud
    • S3 Suite
    • Smart Analytics Module
    • Smart Sense Module
    • IoT SDK
  • Resources
    • Demo
    • Videos
    • White Papers
    • Testimonials
  • Company
    • About
    • Team
    • Partners
    • Clients
    • Events
    • News
    • Blog
    • Contact Us
    • Support Services
© All rights reserved.
Nok Nok Nok Nok
  • Solutions
    • Passwordless Authentication
    • Passkeys
    • Secure Payments
    • Compliance
    • Professional Services
  • Industries
    • Government
    • E-Commerce
    • Financial Services
    • Mobile Network Operators
  • Products
    • Authentication Cloud
    • S3 Suite
    • Smart Analytics Module
    • Smart Sense Module
    • IoT SDK
  • Resources
    • Demo
    • Videos
    • White Papers
    • Testimonials
  • Company
    • About
    • Team
    • Partners
    • Clients
    • Events
    • News
    • Blog
    • Contact Us
    • Support Services
Nok Nok
Nok Nok News

Nok Nok News

15 Mar
4 Min read

When Securing Transactions, Global Experience Gets it Done

March 15, 2024 Nok Nok News Biometrics, Opinion 0 comments

In today’s digital age, banking apps on mobile devices have become ubiquitous, offering convenience and ease of access to financial services. With more than half of Generation Z, Millennials, and Generation X favoring mobile banking apps, it’s evident that traditional brick-and-mortar banking is rapidly being replaced by digital solutions. However, as the adoption of mobile banking apps continues to soar, ensuring robust security while maintaining a seamless user experience has become of paramount concern for banks worldwide.

To address these challenges, banks are turning to advanced technologies such as FIDO (Fast Identity Online) and WebAuthn (Web Authentication) to revolutionize payment authorization processes. It’s crucial to understand how these technologies are implemented, especially considering the differing approaches between the United States and the European Union.

In the United States, the emphasis is on leveraging biometrics within banking apps to streamline payment authorization. Users can authenticate using biometric features such as fingerprint or facial recognition, eliminating the need for cumbersome password entry. However, for online payments, the reliance on risk analytics and SMS one-time passwords (OTPs) has resulted in high rates of card-not-present fraud and false declines. The use of SMS OTPs often leads to user friction and increased abandonment rates, as customers are required to switch contexts or even use a second device. To combat these challenges, Secure Payment Confirmation (SPC) has been introduced, built on top of FIDO/WebAuthn to provide a phishing-resistant credential for authorizing online transactions with a single gesture, be it biometric or PIN. This approach significantly improves conversion rates, reduces fraud, and minimizes false declines, ultimately enhancing both security and user experience.

On the other hand, in the European Union, banking apps also utilize biometrics for authentication, mitigating the need for password entry and enhancing security. However, the approach to online payment authorization differs, with push-to-app being the preferred method. Users are required to switch to their banking app to approve payment transactions, introducing friction and potentially increasing abandonment rates. Despite the use of biometrics within the banking app context, the past impracticality of biometrics in the context of merchant apps – especially web apps – has limited its widespread adoption. Additionally significant is that there is a lack of integrity protection for web apps – with this, implementing “what-you-see-is-what-you-sign” directly in web apps is not possible today. To address these challenges, Secure Payment Confirmation (SPC) is employed on top of and leveraging FIDO/WebAuthn to provide a phishing-resistant credential that is triggered by the merchant’s app or by the issuer’s access control server (ACS). This approach improves conversion rates by simplifying the payment authorization process while maintaining robust security measures.

In both regions, the adoption of FIDO/WebAuthn-based solutions marks a significant step forward in enhancing the security and usability of payment authorization triggered by web apps or by an ACS. By providing users with seamless and secure authentication methods, banks can instill trust and confidence while fostering greater adoption of digital banking services.

As the banking industry continues to evolve in the digital era, it’s clear that innovative technologies will play a crucial role in shaping the future of financial services. By prioritizing security and user experience, banks can position themselves as leaders in the digital transformation of banking, driving greater customer satisfaction and loyalty in an increasingly competitive landscape.

When banks need to implement Secure Payment Confirmation (SPC) requirements, partnering with trusted FIDO vendors like Nok Nok who have experience in both US and EU payment security can ensure the successful implementation of this technology. Nok Nok’s ability to demonstrate a large user base employing various authentication protocols to produce cryptographic evidence further solidifies its position as a reliable partner in enhancing the usability for secure online payments.

Read more
10 Nov
3 Min read

Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

November 10, 2023 Nok Nok News FIDO Alliance, Government 2 comments

In the world of cybersecurity, the federal government sets some of the most stringent requirements for its suppliers. It’s a landscape where only the best can thrive, and Nok Nok, a pioneer in Fast IDentity Online (FIDO) authentication solutions, has emerged as an important supplier. The company recently achieved the coveted Federal Risk and Authorization Management Program (FedRAMP) High authorization through its partnership with UberEther’s IAM Advantage. This achievement follows its DoD Impact Level 5 (IL5) achieved in 2022 and marks a significant milestone in delivering top-notch cybersecurity to federal agencies, partners, and citizens.

Here are the key takeaways from this latest achievement:

1. Federal Government’s Uncompromising Cybersecurity Standards

The federal government has long been known for its uncompromising cybersecurity standards. In response to the 2021 White House Cybersecurity Executive Order and the subsequent call from US Government CISO Jen Easterly for advanced Multi-Factor Authentication (MFA) based on FIDO standards, the demand for cutting-edge cybersecurity capabilities has never been higher. The government is leading the way in adopting the best of breed cybersecurity measures, making it crucial for suppliers to meet these advanced cybersecurity requirements.

2. Nok Nok’s Unique Position: FIDO and More

Nok Nok’s unique position as one of the original creators of FIDO standards sets it apart. The partnership with UberEther has enabled Nok Nok to provide federal agencies with phishing-resistant MFA that not only meets DoD Impact Level 5 (IL5) and FedRAMP High certifications but also complies with the Federal Information Processing Standards (FIPS) and National Institute of Standards and Technology (NIST) standards. This combination of expertise and collaboration empowers federal agencies to meet the highest levels of security and regulatory requirements seamlessly.

3. Streamlining Phishing-Resistant Authentication

Nok Nok’s MFA solution offers an effortless and convenient alternative to traditional Personal Identity Verification (PIV) and Common Access Card (CAC) methods. Leveraging the public key cryptography capabilities of modern endpoint devices such as smartphones and PCs as well as security keys, the solution eliminates the need for additional drivers, middleware, or browser plugins. This approach provides a secure and user-friendly way for employees, contractors, and citizens to access information, all while reducing the vulnerabilities and costs associated with password management.

In Conclusion:

Nok Nok and its partnership with UberEther are at the forefront of delivering advanced cybersecurity solutions to the federal government, setting the gold standard for phishing-resistant MFA. With FedRAMP High authorization, FIPS and NIST compliance, and adherence to FIDO standards, Nok Nok and UberEther are ensuring the highest level of security for federal agency employees, contractors, and citizens. As the digital era continues to evolve, Nok Nok is committed to transcending traditional boundaries and meeting the dynamic cybersecurity needs of our modern society.

Read more
31 Oct
4 Min read

Top 6 Considerations to Build vs. Buy FIDO-based Passkeys

October 31, 2023 Nok Nok News Cybersecurity 0 comments

Here we are at the end of Cybersecurity Awareness Month, and you’ve heard  vendors declare how their solutions can help make you and your enterprise safe. There is a lot to consider and maybe you are thinking you can solve the problem on your own – and go the  “build vs. buy” route. Let’s look at the considerations when it comes to adopting the cutting-edge FIDO-based passkeys as the decision carries considerable weight and potential consequences.

When organizations contemplate the implementation of passkeys as an alternative to traditional passwords, they often start by focusing on the Minimum Viable Product (MVP). However, the real challenge lies beyond the MVP—the unknowns that come with version 1.1 and beyond. The technology landscape is constantly evolving, demanding adaptability and scalability. This is when the decision between starting from scratch and leveraging experienced vendors becomes critical.

Here are 6 considerations for your decision-making process:

1. Completeness: Beyond the Minimum Viable Product

Building a passkey solution from scratch may seem like an attractive proposition, especially for the sake of cost-effectiveness and fitting into existing infrastructure. However, it’s crucial to consider the road beyond the Minimum Viable Product (MVP). Rapid technological advancements necessitate staying up-to-date and future-ready. Vendors with experience in passwordless authentication solutions not only offer  much more than a MVP but also pave the way for future expansions and improvements, helping organizations avoid technological dead-ends.

2. Support for Diverse Environments: Native Apps, Web Apps, Devices, and Regulatory Requirements

The ability of passkeys to seamlessly integrate across diverse environments is a fundamental requirement. Most established vendors excel in providing such integration, saving organizations time and resources. In contrast, building this integration in-house can be time-consuming and expensive, especially when compliance requirements need to be addressed. Dedicated passwordless authentication vendors bring years of experience, ensuring compatibility across a wide range of devices and regulatory environments.

3. Seamless Integration and Backend Infrastructure Support

The tech landscape is no longer homogeneous. Maintaining compatibility across various hardware and software versions can be a significant challenge when building in-house. Dedicated vendors can simplify this process by integrating seamlessly with an organization’s existing backend infrastructure, including cloud Hardware Security Modules (HSMs) and Secret Stores. This integration capability minimizes extensive code changes.

4. Maintenance Challenges: Keeping Pace with Specifications

Staying abreast of evolving FIDO and WebAuthn specifications is crucial for passkey solutions. Organizations often underestimate the effort and resources required for ongoing maintenance when building in-house. Partnering with experienced authentication vendors ensures that passkey features remain up-to-date, reducing maintenance burdens and allowing organizations to stay focused on their core objectives.

5. Reducing Development Risks and Project Failures

Homegrown development carries inherent unknown unknowns, particularly when implementing a paradigm like passkeys for the first time. Organizations may overlook critical factors or encounter unexpected challenges, resulting in higher costs, delays, or compromises on user experience. Partnering with an established passwordless authentication provider mitigates these risks by leveraging their extensive experience and lessons learned from successful passkey deployments.

6. Capitalizing on Investment and Experience

While building a passkey solution independently may seem appealing from a cost perspective, it often fails to account for hidden expenses and missed opportunities. Unknown unknowns can be costly both in terms of time and money. Leveraging a vendor like Nok Nok, with expertise and a wealth of investment in FIDO-based implementations, ensures a smoother fit into existing infrastructure and access to valuable intellectual property.

Conclusion

While building a solution from scratch may appear cost-effective or a better fit for existing infrastructure, it often underestimates the maintenance challenges, development risks, and missed opportunities. By leveraging a traditional passwordless vendor’s comprehensive passkey features, organizations can ensure a complete, scalable, secure, and future-proof implementation, benefiting from the expertise and investment of a trusted industry leader.

Read more
11 Oct
3 Min read

Ditch the Passwords and Embrace Passwordless Solutions for Effortless E-Commerce

October 11, 2023 Nok Nok News E-Commerce, passwordless authentication 0 comments

In our hyper-connected digital era, where online shopping is an integral part of our lives, the cumbersome process of creating and managing passwords has become a significant roadblock for e-commerce platforms. A study by NordPass reveals that a typical internet user juggles between 70 to 80 different passwords, highlighting the complexity users face in managing their online identities. It’s high time we explore more convenient and secure alternatives to passwords to enhance the online shopping experience.

Imagine signing up for e-commerce websites with the same ease and simplicity you experience when unlocking your mobile device using facial recognition or a finger swipe. The prospect is intriguing, practical and when done correctly, more secure. Biometric authentication could potentially revolutionize the way we interact with online platforms, particularly in the realm of e-commerce.

One of the costly issues faced by e-commerce sites is shopping cart abandonment, which accounts for a staggering $18 billion in lost revenue annually. A significant portion of this abandonment stems from the cumbersome process of creating a password during the checkout process. When users are prompted to create an account with a password, especially when they are trying to complete their transaction, friction is introduced. This friction can discourage potential customers, leading them to opt for a guest checkout and even abandon their carts.

The consequences of this friction extend beyond lost sales. E-commerce platforms miss out on the opportunity to build customer loyalty and gather valuable customer data for tailored marketing strategies. When users opt for guest checkouts, companies lose the chance to personalize their outreach and marketing efforts. Marketing is all about understanding your audience, and the more information a company has about its users, the better they can target and engage prospective customers effectively. Studies show that users who create accounts have a 10% higher average order value.

What if e-commerce websites offered an alternative solution to the traditional password setup, allowing users to employ biometrics for authentication in the form of “one-step checkout” so that customers don’t have to enter their information repeatedly? Passwordless authentication that utilizes biometrics, such as touch ID and Face ID can provide a seamless and secure user experience. No need for complex passwords! Additionally, implementing FIDO-based Passkey authentication solutions, like those offered by Nok Nok, can protect users from the most common type of attack – phishing – making it extremely difficult for malicious actors to gain unauthorized access to accounts. This proactive approach to security not only benefits customers but also strengthens the credibility and trustworthiness of e-commerce platforms.

By embracing passwordless authentication solutions, e-commerce platforms can simplify the onboarding process leading to increased account creation and reduced cart abandonment rates. The seamless experience would encourage users to complete their purchases, engage more often and potentially foster long-term relationships, leading to increased revenue and enhanced customer loyalty.

It’s evident that the traditional method of creating and managing passwords is outdated and cumbersome, particularly in the fast-paced world of e-commerce. Implementing FIDO-based passkey authentication can be a game-changer, providing users with a more convenient and secure means of accessing e-commerce sites. It’s time for the industry to embrace these innovative authentication methods and elevate the online shopping experience for everyone.

Read more
05 Oct
4 Min read

Fun and Not so Fun Evolution of Authentication: Nok Nok’s Cybersecurity Month Special Series

October 5, 2023 Nok Nok News Cybersecurity 0 comments

In the vast landscape that is the digital world, security is paramount. As technology advances, so does the sophistication of cyber threats. Recognizing this critical need for cybersecurity, the month of October has been designated as Cybersecurity Awareness Month. This observance, which began in the early 2000s, aims to raise awareness about cybersecurity and educate individuals and organizations about the importance of protecting their digital assets.

Throughout this Cybersecurity Awareness Month, we will embark on a fascinating journey through the evolutionary phases/lens of authentication. Authentication, the process of verifying the identity of users and systems, has come a long way from its humble beginnings. From passwords to biometrics, multi-factor authentication (MFA), one-time passwords (OTP), and ultimately passwordless and passkeys, we explore the transitions that have revolutionized the way we secure our digital lives.

Fun-Facts and Not-So-Fun-Facts

The Era of Passwords
Passwords were the pioneers of authentication in the digital realm. Their roots can be traced back to ancient times when watchwords and secret codes were used to gain access to restricted areas. Fast forward to the computer age, passwords became a ubiquitous form of authentication. The word “password” itself can be dated back to the 1960s, gaining prominence with the advent of computing.
Fun Fact: The world’s first password, reportedly used at the Massachusetts Institute of Technology (MIT) in the early 1960s, was “password.”
Not-So-Fun Fact: Weak passwords are still a major vulnerability. “123456” and “password” have consistently topped the list of most commonly used passwords, highlighting the need for stronger authentication methods.

Rise of Biometrics
The 21st century brought forth a paradigm shift in authentication with the integration of biometrics. Biometric authentication uses unique physical or behavioral traits, such as fingerprints, facial recognition, and voice patterns, to verify an individual’s identity.
Fun Fact: The idea of using fingerprints as a means of identification dates back to ancient Babylon, where fingerprints were used on clay tablets for business transactions.
Not-So-Fun Fact: Modern AI makes it easy to create deep-fakes, making spoofing practical, emphasizing the need for a possession factor as well.

Multi-Factor Authentication (MFA)
To enhance security, the concept of MFA (or two-factor) emerged, combining two or more authentication methods. MFA typically involves a combination of something you know (e.g., password), something you have (e.g., smartphone), and something you are (e.g., fingerprint).
Fun Fact: MFA can be traced back to the use of bank ATM cards, which require the card (something you have) and a PIN (something you know).
Not-So-Fun Fact: Phishing attacks can bypass legacy MFA, emphasizing the need for phishing-resistant MFA.

One-Time Passwords (OTP)
OTP is a dynamic authentication method that provides a single-use code, usually valid for a short period. It’s widely used for secure logins and transactions.
Fun Fact: OTPs gained popularity in the mid-2000s and have since become a standard for secure online interactions.
Not-So-Fun Fact: OTPs are easily phishable and users have no easy way of knowing whether they are entering them into a legitimate application.

The Emergence of Passwordless Authentication and Passkeys
In a bid to eliminate the weaknesses associated with traditional passwords, passwordless authentication and passkeys have gained traction. Passwordless authentication often leverages biometrics, device fingerprinting, or cryptographic keys to verify users, while passkeys involve securely stored credentials on devices.
Fun Fact: FIDO (Fast Identity Online) Alliance has played a significant role in the development and adoption of passwordless authentication standards.
Not-So-Fun Fact: The adoption of new authentication methods can be slow due to organizational readiness and resistance to change.

Conclusion

Cybersecurity Awareness Month serves as a timely reminder of the ever-evolving landscape of cybersecurity and the imperative to stay informed and updated. The journey from passwords to passkeys showcases the constant efforts and innovations in the realm of authentication to enhance security and protect our digital footprints. As we celebrate Cybersecurity Awareness Month, let us embrace these advancements and continually strive to bolster our digital defenses for a safer online world.

 

Read more
19 Sep
3 Min read

Nok Nok: Making Mobile Banking More Secure and Convenient

September 19, 2023 Nok Nok News Mobile Banking 0 comments

The Mobile Banking Revolution Affords Freedom

Mobile banking has become an integral part of modern life – at least once a month consumers use mobile native and web apps to access their banks. It offers convenience and accessibility, enabling users to manage their finances from home and on the go. From checking account balances to transferring funds and paying bills, mobile banking has revolutionized the way we handle our money. Some of the biggest names in banking aspire to make the “Best Mobile Banking Apps” List.

However, with this convenience comes a significant challenge: security. Even with various risk management requirements and procedures in place, mobile banking transactions can be vulnerable to various threats, including phishing attacks, identity theft, and scalable password attacks. Any banking or financial institution needs to be on top of these rules and threats daily.

Just a Few Benefits of Nok Nok’s Passwordless Authentication 

Mobile Banking Without Friction/MFA Fatigue

One of the best ways that banks can keep customers engaged and safe is by reducing user friction. Unlike traditional two-step authentication methods that can be cumbersome, Nok Nok simplifies the process. It requires only a single step by the user, eliminating the need for additional codes or passwords.

This streamlined process not only enhances user convenience but also protects against “MFA Fatigue” attacks, where users become frustrated with the complexity of multi-factor authentication and may opt for less secure methods.

Preventing Phishing!

Banks also need to be on the lookout for phishing attacks – which involves tricking users into revealing their login credentials including passwords and even OTPs through deceptive means. Nok Nok’s authentication uses FIDO credentials which cannot be “phished”. There is no “secret” that can be unintentionally shared with an attacker. Customers’ credentials remain confidential and secure, even when they’re away from home.

In addition to preventing MFA fatigue and phishing attacks, Nok Nok reduces user friction, making the overall mobile banking experience safer and more seamless by employing:

Biometric Authentication

Nok Nok’s solution empowers financial institutions to embrace biometric authentication for their customers. This means that only authorized individuals can access sensitive financial data. Biometric authentication leverages unique physical traits such as fingerprints or facial recognition, making it exceedingly secure and challenging to replicate.

Device Trustworthiness 

Nok Nok’s solution goes further by evaluating the trustworthiness of the user’s mobile device before granting access to sensitive financial information. If a device is compromised or lacks essential security features, access can be promptly denied.

Scalability 

Nok Nok’s authentication platform is purposefully designed to scale seamlessly with the ever-growing demands of mobile banking services. It can efficiently accommodate 10’s of millions of users and devices without compromising the security of financial transactions.

Compliance 

Compliance with regulations is paramount in the world of mobile banking. Nok Nok’s solution aligns perfectly with financial industry regulations, ensuring that banking organizations remain compliant with data security and privacy standards.

Conclusion

As the world continues to embrace mobile banking as a fundamental part of modern life, security remains a top priority. Nok Nok’s innovative authentication methods ensure that banking customers can enjoy the benefits of mobile banking without compromising on safety. So, whether you’re planning to simply check your account balance on a lazy Sunday in the backyard or in the parking lot before a little retail therapy – Nok Nok has your back, keeping your financial data secure and accessible with ease.

Read more
17 Aug
2 Min read

Test Drive the Nok Nok Passkey Authentication Solution

August 17, 2023 Nok Nok News Demo/Free Trial, Featured 0 comments

Before you buy a new car, you test drive it. Sometimes you test drive lots of cars before you make a decision. Not all cars are the same, and they are definitely not the same as your old car. You want to see how the car drives, how the brakes work, cruise control, air conditioning and of course the all important safety features. It is the same when it comes to buying technology solutions – security is paramount. And equally important is the “look and feel” when the solution is customer facing. And now you can test drive the Nok Nok passkey authentication solution.

How often has customer experience ruined your relationship with a brand after the brand has changed an interface? Facebook changed its look and feel almost every two years and it drove their users nuts every time! But what if change made things much better and easier? Like when Apple introduced Touch ID? Nok Nok provides a passkey authentication solution that lets you authenticate your customers quickly and easily across mobile phones, desktop computers and tablets– all without passwords – a delightful change! It won’t look and feel like your old “car,” it will be better, and more secure!

And guess what? You can test drive Nok Nok  when you sign up for a free trial. And learn more about how using a Nok Nok passkey authentication solution is the same regardless of your device  when you watch the video. And btw – our video is shorter than test driving a car!

Free Trial
Watch Video
Read more
11 Aug
3 Min read

Nok Nok at the White House

August 11, 2023 Nok Nok News Government 0 comments

Discussion on how the Federal government can support and benefit from advances in phishing-resistant authentication.

Matt Lourie, Sr. Director of Engineering

Last month, Nok Nok Labs attended the White House Multifactor Authentication (MFA) Modernization Symposium. This event brought together government and industry leaders to discuss how to achieve full adoption of MFA across federal agencies, as called for in the Executive Order on Improving the Nation’s Cybersecurity.

Many government agencies currently rely on Personal Identity Verification (PIV) and Common Access (CAC) cards for employee authentication. However, these smart cards are not always convenient for remote access and everyday use. Connecting to a separate card reader can negatively impact user experience. As Deputy National Security Advisor Anne Neuberger noted, government policies should not create barriers to MFA adoption.

There was broad consensus among participants at the symposium that to fully implement MFA, the government needs to move beyond legacy technologies and embrace advanced standards like passkeys. Passkeys are a modern type of credential that can help government agencies finally achieve comprehensive MFA deployment. With passkeys, users authenticate using a cryptographic key pair stored on their device, rather than typing in a password, providing phishing-resistant security without the usability drawbacks of traditional second factors. Passkeys are already supported across major platforms and browsers and can be bound to a single device or synced across multiple devices, making them a practical path to securing access for employees, contractors, and citizens across all applications and environments.

It is clear that the transition to full MFA adoption will take thoughtful planning and cannot happen overnight. With over a decade of experience in authentication and as a founding member of the FIDO Alliance, Nok Nok Labs is well prepared to assist agencies throughout this process of transitioning to full MFA adoption. We understand the unique needs of the government and have solutions to deliver robust security and usability at scale.

While modernizing authentication is no small task, the White House symposium reiterated that it must be a priority if we are to defend our digital infrastructure in today’s threat environment. Public-private collaboration will be key to overcoming roadblocks on the path ahead. Nok Nok Labs looks forward to continuing to work with our partners across government as we chart the course to a passwordless future and a more secure online experience.

 

Read more
02 Aug
5 Min read

Most Organizations Still Using Phishable Multifactor Auth

August 2, 2023 Nok Nok News Featured, Press Release 0 comments

Survey Reveals Majority of Organizations Still Using Phishable Multifactor Methods for Customer Authentication

San Jose, CA – August 2, 2023 – Nok Nok, a leader in passwordless authentication for the world’s largest organizations and Enterprise Strategy Group (ESG), today released the findings of a comprehensive survey on the state of passwords. ESG surveyed over 350 IT, cybersecurity, and application development professionals responsible for identity and access management programs in North America. The results shed light on the challenges organizations continue to face using traditional authentication methods and the increasing interest in passwordless authentication as a more secure and user-friendly alternative. With the availability of low cost cloud CPUs to crack passwords and the prevalence of known accounts/passwords, organizations recognize that passwords are not secure. The survey revealed that traditional authentication methods, such as passwords, are not effective in the face of evolving cyber threats

  • 52% of organizations said eliminating customer passwords had a significant positive impact on revenue. In addition to the expected risk reduction that comes from deploying passwordless authentication for customer-facing apps, removing friction from passwords and MFA positively impacted revenue, customer productivity and satisfaction, and credential-based cybersecurity incidents.
  • 76% of organizations experienced multiple account or credential compromises over the past 12 months. Organizations face a multitude of disparate attack vectors targeting weak authentication methods. Unfortunately, organizations are still not prepared to respond to account or credential compromise, and thus multiple incidents have become the norm.

The survey also highlighted the importance of passwordless authentication for customer-facing applications. Organizations understand the risks of account takeover attacks and the need to secure customer identities. However, a significant portion of customer identities are believed to continue to be insufficiently secured. To mitigate these risks, organizations are prioritizing customer authentication practices, with 36% of the respondents designating authentication as a critical activity.

“In the face of weak passwords and phishable legacy authentication solutions, the survey shows that customer passwordless authentication can deliver a host of security enhancements and increase the user experience,” said Jack Poller, Senior Analyst, ESG. “Benefits include reduced calls to help desk/IT for password resets and account lockouts, to increased customer productivity and satisfaction by eliminating the friction from passwords and MFA, as well as
eligibility to obtain cyber-insurance or reduce rates.”

The findings of the survey indicate that organizations are actively investing in strong authentication, with passwordless authentication gaining traction. Passwordless authentication not only enhances security but also improves the user experience by eliminating the need to remember complex passwords and reducing the reliance on phishable MFA factors.

“This survey reveals that organizations are still relying on the most common, weakest methods of MFA, SMS, and one-time email codes, even when FIDO-based phishing resistant strong authentication is available.,” said Phil Dunkelberger, CEO of Nok Nok. “Major platform vendor ssuch as Google, Apple and Microsoft have all embraced FIDO standards and are rolling out passkeys for consumers. It is time enterprises do the same for their customer authentication.”

For a copy of the results with more detailed information and insights from the survey, please review The State of Passwordless Authentication eBook.

About TechTarget

TechTarget is a leading technology media company that provides trusted and targeted content to enterprise technology buyers and decision-makers. With a network of over 140 technology-specific websites, TechTarget delivers quality content, research, and analysis to help organizations make informed technology purchasing decisions.

About Nok Nok

Nok Nok is a leader in passwordless customer authentication and delivers the most innovative FIDO (Fast IDentity Online) solutions for the passwordless authentication market today. Nok Nok empowers organizations to significantly improve their user experience and security, and reduce operating expenses, while enabling compliance with the most rigorous privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-enabled passwordless customer authentication. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in next-level, multi-factor authentication. Nok Nok’s global customers and partners include AFLAC Japan, BBVA, Carahsoft, Fujitsu Limited, Hitachi, Intuit, Mastercard, MUFG Bank, NTT DATA, NTT DOCOMO, Standard Bank, T-Mobile, and Verizon. For more information, https://noknok.com/.

Read more
21 Jul
2 Min read

Cyber Hero Micro Briefing Series with Matt Topper

July 21, 2023 Nok Nok News Cyber Heros, Featured, Video 0 comments

Security, privacy and identity are very serious topics but the people beyond these technologies are human – they are creative and they find unique ways to solve the complex problems surrounding these topics. This week’s big blockbuster premiere coming in with a bang is “Oppenheimer”, the new Christopher Nolan movie starring Cillian Murphy as the infamous Robert Oppenheimer, father of the atomic bomb. 

Although our Cyber Hero this week may not have created one of the most secretive, private and protected research sites on earth like Oppenheimer, he has built a space where users can scale, build resilience and safely and securely access the service. Matt Topper of UberEther is a big proponent of safety and security, and he believes high-level security should be accessible to everyone, not just a few scientists in Los Alamos. 

While they are not guarding the secrets of the nuclear bomb, most regulated industries have incredibly high security requirements nowadays including multi factor authentication. Listen to Matt dissect the pros and cons of this kind of technology and its place moving forward.

Listen to Matt’s full podcast episode from earlier this week and subscribe to our blog to stay up to date on all the comics and podcasts premiering this summer in our Cyber Hero Origins series!

Read more
  • 1234…11

Contact Us

Nok Nok, Inc.
2890 Zanker Rd #203
San Jose, CA 95134

(650) 433-1300

[email protected]

Get Google Maps Directions

Contact and Subscribe

* indicates required

Latest Posts

  • World Password Day: Time to Ditch Passwords for Good?
  • Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective
  • Phillip Dunkelberger Recognized as a “Champion in Security” by Portal26 at RSA Conference 2025
  • Another Step Towards a Passwordless Future

Navigation

  • Subscribe
  • Careers
  • Resources
  • Support

Nok Nok Labs, Nok Nok, and NNL are all trademarks of Nok Nok Labs, Inc. © 2025 Nok Nok Labs, Inc.
FIDO is a trademark of the Fast IDentity Online, (FIDO), Alliance. All rights reserved.
Terms Of Use and Privacy Policy

 

Demo
Free Trial
Videos
Contact Us
Support

Contact Us: (650) 433-1300 • [email protected]

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}

Please complete this form to view and download this resource.

Submit to Download Forms

* indicates required

[mc4wp_form id=”18773″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18790″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18789″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18788″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18787″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18786″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18785″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18784″]

Please complete this form to view and download this resource.

[mc4wp_form id=”18783″]

MUFG-800×600

“Transactions using mobile devices are rapidly spreading and it is essential to support both usability and security. By combining Hitachi’s abundant system development capabilities and know-how in the financial system and security related fields, and Nok Nok’s globally deployed and proven FIDO certified products, we achieved this compatibility, which led to this adoption.”

– Mr. Nobuo Nagaarashi, General Manager, Financial Information Systems 1st Division, Hitachi, Ltd.

 

The M in MUFG stands for Mitsubishi, which is a combination of the words mitsu and hishi. Mitsu means three. Hishi means water chestnut, and the word denotes a rhombus or diamond shape.  In partnership with Hitachi, MUFG has enabled passwordless authentication solutions across many of the bank’s apps and services.

Coverage In The Paypers
Coverage In Finextra
intuit

“As an early adopter of FIDO, we’ve seen significant business benefits and are completely on board with continuing to leverage the latest FIDO innovations with our partner, Nok Nok.”

– Rakan Khalid, Group Product Manager, Identity.

 

Intuit has delivered passwordless authentication across mobile applications and devices using Nok Nok’s S3 Suite. The results have reduced customer friction in their Intuit application experience.

Read The Nok Nok Intuit Case Study
Watch the FIDO Alliance Webinar: The Right Mix
Watch Marcio Mello discuss Intuit’s Nok Nok implementation at Identiverse 2019:
docomo-800×600

“DOCOMO is a worldwide innovator in providing its millions of customers with simple and strong authentication backed by a standards-based approach.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

As one of Nok Nok’s earliest customers, NTT DOCOMO became the first carrier to offer a billing system that is enabled by FIDO, the first to offer a federated Identity system integrated FIDO, and was the first to offer a mobile device that authenticates via the iris biometric modality.

Coverage In Find Biometrics
Coverage In Telecompaper
bbva-800×600-2

“Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience. Due to the FIDO standard, we are confident that both elements work together seamlessly to provide customers with the highest security standards, along with a transparent and agile user experience.”

– Juan Francisco Losa, Global Technology & Information Security Officer.

Nok Nok partnered with banking leader, BBVA to improve the security and user experience of the bank’s mobile banking services through state-of-the-art biometric capabilities.

Coverage In American Banker
Coverage In Planet Biometrics
Softbank-800×600-1

“We can no longer rely on passwords for our financial or other sensitive transactions as they are weak, forgotten and easily hacked. We are very pleased with SoftBank’s decision to choose our standards-based authentication platform for their millions of customers.”

– Phillip Dunkelberger, President & CEO of Nok Nok Labs.

 

Millions of SoftBank’s mobile subscribers now have the ability to use biometrics for authentication through the mobile application “My SoftBank Plus”. With this implementation, SoftBank’s mobile users access data with the My SoftBank service using biometrics for a frictionless, simple and fast authentication experience.

Coverage In Mobile ID World
Coverage In Planet Biometrics
Coverage In The Paypers
Aflac-Japan-800×600-1

“Aflac is the first Japanese insurance provider to deploy a FIDO-certified solution, and we would like to continue collaborating with Nok Nok Labs to introduce it to banks, insurance industry and other industries.”

– Michihiko Ejiri, VP, Head of Portal Service Division, Service Technology Unit, Fujitsu Limited.

With the Nok Nok S3 Suite, Fujitsu has provided Aflac customers with strong authentication to their mobile claims payment application using any biometrics on their iOS and Android devices. The solution also provides Aflac and their customers with a scalable method to authenticate users that is interoperable with their existing security environments and reduces or eliminates the reliance on usernames and passwords.

Coverage In Find Biometrics
Coverage In Find Authority
lichtenstein-800×600-1

“For our customers, we only use the most secure products on the market that meet their requirements. Nok Nok perfectly aligns within our product portfolio and we are proud of the very trusted partnership.”

– Lukas Praml, CEO of YOUNIQX.

 

YOUNIQX Identity AG, the award-winning subsidiary of the Austrian State Printing House (OeSD) and Nok Nok partnered to deliver a electronic identity system (eID) for the citizens of the country of Liechtenstein.  This deployment represents the first time that Nok Nok’s FIDO platform has been used to deliver an eID.

FUN FACT
As of 2009 Liechtenstein’s per capita income was $139,100, the highest of any country in the world.

Learn How FIDO Supports EIDAS Regulation
Coverage In Mobile ID World
Coverage In The Paypers
Coverage In Biometric Update
Gallagher-800×600-1

“Nok Nok’s state-of-the-art, standards-based platform will deliver a tremendous user experience,”

– Steve Bell, Chief Technology Officer at Gallagher

When a horse called Joe took too much of a liking to using a car as a scratching post, owner Bill Gallagher Sr. devised a cunning electrical circuit that delivered a shock whenever the horse rocked the vehicle, and in doing so created a company.  Today, with passwordless authentication from Nok Nok, Gallagher is leading the IoT industry with innovative solutions that work in your office and in the outback.

Coverage In Biometric Update
Coverage In Mobile ID World
Coverage In Planet Biometrics
tmobile-800×600-1

“Our Forgot Password flows were running at about 65%. After we rolled out FIDO by Nok Nok, our forgot passwords dropped to 7%.”

Michael Engan, T-Mobile

 

Using the Nok Nok S3 Suite, T-Mobile has become a leader in carrier adoption of passwordless authentication. Their solutions have reduced forgotten passwords and dramatically improved customer satisfaction.

Watch Michael Engan from T-Mobile talk about their implementation of Nok Nok’s S3 Authentication Suite at Identiverse 2019.

  • 日本語