02 May

4 Min read

Friction and Fatigue = Fraud: not with Passkeys!

May 2, 2024 Nok Nok News 0 comments

Friction and Fatigue = Fraud: not with Passkeys!
Enhancing Banking Security Through Advanced Authentication: Embracing Passkeys

In today’s digital landscape, where online transactions have become ubiquitous, ensuring robust security measures within the banking sector is paramount. But users too often encounter friction in their onboarding process or just give up due to the multiple times they are asked to prove their identity.

With the proliferation of cyber threats and the increasing sophistication of malicious actors, traditional authentication methods have proven to be inadequate in safeguarding sensitive financial data. However, a transformative shift is underway, powered by advanced authentication technologies such as FIDO (Fast Identity Online), revolutionizing the way banks protect their customers’ accounts and transactions. Here, we delve into four key considerations and an outlook on how banking security is being fortified with advanced authentication, particularly through the adoption of FIDO technology:

Seamless Authentication Across Platforms
Banks have made significant strides in leveraging biometrics for native banking app sign-ins, offering users a convenient and secure authentication experience. However, this convenience is often absent when accessing banking services via web browsers, where users are still required to rely on traditional usernames and passwords. By adopting FIDO-based passkey authentication for web applications, banks can provide a consistent and frictionless user experience across all platforms, enhancing security while reducing login time and fatigue.
Streamlining Payment Approvals
The current process of approving payments during e-commerce transactions often involves app-switching or device-switching, introducing unnecessary friction and potentially impacting conversion rates. With the integration of Secure Payment Confirmation (SPC) technology, powered by FIDO authentication, users can seamlessly approve payments without the need to switch apps or devices. Initial pilots have demonstrated a significant uplift in conversion rates, underscoring the efficacy of this approach in enhancing user experience and security.
Expanding the Role of Banking Cards
Traditional banking cards are primarily designed for offline use, limiting their utility in online transactions and contributing to the prevalence of card-not-present (CNP) fraud. By incorporating FIDO security key technology into banking cards, financial institutions can extend the functionality of these cards to online transactions, providing users with a secure and convenient authentication method. This not only simplifies device migration for banking app access but also reduces reliance on vulnerable authentication methods such as SMS-based OTPs.
Optimizing User Onboarding Processes
The conventional approach to user onboarding in banking often involves ID proofing before credentialing the user, resulting in potential disruptions and drop-offs during the signup process. By reversing this order and leveraging FIDO passkeys, banks can enhance the onboarding success rate while providing a seamless user experience. Passkeys eliminate the need for passwords altogether, further streamlining the authentication process and ensuring a smoother transition for new users.

Outlook: Shifting Towards FIDO-Based Authentication

The authentication landscape is undergoing a paradigm shift, transitioning from traditional methods like passwords and OTPs to FIDO passkeys. This evolution is driven by the need for stronger security measures, improved user experience, and compliance with regulatory requirements such as PSD2 and SCA. As banks embrace FIDO technology, they stand to benefit from enhanced security, reduced friction, and greater flexibility in authentication methods.

Where can you find the cross platform, streamlined but secure onboarding for your banking applications – Nok Nok. As one of the creators of FIDO-based authentication credentials, Nok Nok offers passwordless sign-up and sign-in to online services. Nok Nok™ solutions are built from the ground-up leveraging FIDO standards and offer the most comprehensive passkey support to meet the widest range of use cases.

In conclusion, FIDO-based authentication holds the key to fortifying banking security in an increasingly digital world. By embracing advanced authentication technologies and prioritizing user experience, banks can stay ahead of evolving threats and provide their customers with the peace of mind they deserve in their financial transactions.

15 Mar

4 Min read

When Securing Transactions, Global Experience Gets it Done

March 15, 2024 Nok Nok News 0 comments

In today’s digital age, banking apps on mobile devices have become ubiquitous, offering convenience and ease of access to financial services. With more than half of Generation Z, Millennials, and Generation X favoring mobile banking apps, it’s evident that traditional brick-and-mortar banking is rapidly being replaced by digital solutions. However, as the adoption of mobile banking apps continues to soar, ensuring robust security while maintaining a seamless user experience has become of paramount concern for banks worldwide.

To address these challenges, banks are turning to advanced technologies such as FIDO (Fast Identity Online) and WebAuthn (Web Authentication) to revolutionize payment authorization processes. It’s crucial to understand how these technologies are implemented, especially considering the differing approaches between the United States and the European Union.

In the United States, the emphasis is on leveraging biometrics within banking apps to streamline payment authorization. Users can authenticate using biometric features such as fingerprint or facial recognition, eliminating the need for cumbersome password entry. However, for online payments, the reliance on risk analytics and SMS one-time passwords (OTPs) has resulted in high rates of card-not-present fraud and false declines. The use of SMS OTPs often leads to user friction and increased abandonment rates, as customers are required to switch contexts or even use a second device. To combat these challenges, Secure Payment Confirmation (SPC) has been introduced, built on top of FIDO/WebAuthn to provide a phishing-resistant credential for authorizing online transactions with a single gesture, be it biometric or PIN. This approach significantly improves conversion rates, reduces fraud, and minimizes false declines, ultimately enhancing both security and user experience.

On the other hand, in the European Union, banking apps also utilize biometrics for authentication, mitigating the need for password entry and enhancing security. However, the approach to online payment authorization differs, with push-to-app being the preferred method. Users are required to switch to their banking app to approve payment transactions, introducing friction and potentially increasing abandonment rates. Despite the use of biometrics within the banking app context, the past impracticality of biometrics in the context of merchant apps – especially web apps – has limited its widespread adoption. Additionally significant is that there is a lack of integrity protection for web apps – with this, implementing “what-you-see-is-what-you-sign” directly in web apps is not possible today. To address these challenges, Secure Payment Confirmation (SPC) is employed on top of and leveraging FIDO/WebAuthn to provide a phishing-resistant credential that is triggered by the merchant’s app or by the issuer’s access control server (ACS). This approach improves conversion rates by simplifying the payment authorization process while maintaining robust security measures.

In both regions, the adoption of FIDO/WebAuthn-based solutions marks a significant step forward in enhancing the security and usability of payment authorization triggered by web apps or by an ACS. By providing users with seamless and secure authentication methods, banks can instill trust and confidence while fostering greater adoption of digital banking services.

As the banking industry continues to evolve in the digital era, it’s clear that innovative technologies will play a crucial role in shaping the future of financial services. By prioritizing security and user experience, banks can position themselves as leaders in the digital transformation of banking, driving greater customer satisfaction and loyalty in an increasingly competitive landscape.

When banks need to implement Secure Payment Confirmation (SPC) requirements, partnering with trusted FIDO vendors like Nok Nok who have experience in both US and EU payment security can ensure the successful implementation of this technology. Nok Nok’s ability to demonstrate a large user base employing various authentication protocols to produce cryptographic evidence further solidifies its position as a reliable partner in enhancing the usability for secure online payments.

10 Nov

3 Min read

Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity

November 10, 2023 Nok Nok News 2 comments

In the world of cybersecurity, the federal government sets some of the most stringent requirements for its suppliers. It’s a landscape where only the best can thrive, and Nok Nok, a pioneer in Fast IDentity Online (FIDO) authentication solutions, has emerged as an important supplier. The company recently achieved the coveted Federal Risk and Authorization Management Program (FedRAMP) High authorization through its partnership with UberEther’s IAM Advantage. This achievement follows its DoD Impact Level 5 (IL5) achieved in 2022 and marks a significant milestone in delivering top-notch cybersecurity to federal agencies, partners, and citizens.

Here are the key takeaways from this latest achievement:

1. Federal Government’s Uncompromising Cybersecurity Standards

The federal government has long been known for its uncompromising cybersecurity standards. In response to the 2021 White House Cybersecurity Executive Order and the subsequent call from US Government CISO Jen Easterly for advanced Multi-Factor Authentication (MFA) based on FIDO standards, the demand for cutting-edge cybersecurity capabilities has never been higher. The government is leading the way in adopting the best of breed cybersecurity measures, making it crucial for suppliers to meet these advanced cybersecurity requirements.

2. Nok Nok’s Unique Position: FIDO and More

Nok Nok’s unique position as one of the original creators of FIDO standards sets it apart. The partnership with UberEther has enabled Nok Nok to provide federal agencies with phishing-resistant MFA that not only meets DoD Impact Level 5 (IL5) and FedRAMP High certifications but also complies with the Federal Information Processing Standards (FIPS) and National Institute of Standards and Technology (NIST) standards. This combination of expertise and collaboration empowers federal agencies to meet the highest levels of security and regulatory requirements seamlessly.

3. Streamlining Phishing-Resistant Authentication

Nok Nok’s MFA solution offers an effortless and convenient alternative to traditional Personal Identity Verification (PIV) and Common Access Card (CAC) methods. Leveraging the public key cryptography capabilities of modern endpoint devices such as smartphones and PCs as well as security keys, the solution eliminates the need for additional drivers, middleware, or browser plugins. This approach provides a secure and user-friendly way for employees, contractors, and citizens to access information, all while reducing the vulnerabilities and costs associated with password management.

In Conclusion:

Nok Nok and its partnership with UberEther are at the forefront of delivering advanced cybersecurity solutions to the federal government, setting the gold standard for phishing-resistant MFA. With FedRAMP High authorization, FIPS and NIST compliance, and adherence to FIDO standards, Nok Nok and UberEther are ensuring the highest level of security for federal agency employees, contractors, and citizens. As the digital era continues to evolve, Nok Nok is committed to transcending traditional boundaries and meeting the dynamic cybersecurity needs of our modern society.

31 Oct

4 Min read

Top 6 Considerations to Build vs. Buy FIDO-based Passkeys

October 31, 2023 Nok Nok News 0 comments

Here we are at the end of Cybersecurity Awareness Month, and you’ve heard vendors declare how their solutions can help make you and your enterprise safe. There is a lot to consider and maybe you are thinking you can solve the problem on your own – and go the “build vs. buy” route. Let’s look at the considerations when it comes to adopting the cutting-edge FIDO-based passkeys as the decision carries considerable weight and potential consequences.

When organizations contemplate the implementation of passkeys as an alternative to traditional passwords, they often start by focusing on the Minimum Viable Product (MVP). However, the real challenge lies beyond the MVP—the unknowns that come with version 1.1 and beyond. The technology landscape is constantly evolving, demanding adaptability and scalability. This is when the decision between starting from scratch and leveraging experienced vendors becomes critical.

Here are 6 considerations for your decision-making process:

1. Completeness: Beyond the Minimum Viable Product

Building a passkey solution from scratch may seem like an attractive proposition, especially for the sake of cost-effectiveness and fitting into existing infrastructure. However, it’s crucial to consider the road beyond the Minimum Viable Product (MVP). Rapid technological advancements necessitate staying up-to-date and future-ready. Vendors with experience in passwordless authentication solutions not only offer much more than a MVP but also pave the way for future expansions and improvements, helping organizations avoid technological dead-ends.

2. Support for Diverse Environments: Native Apps, Web Apps, Devices, and Regulatory Requirements

The ability of passkeys to seamlessly integrate across diverse environments is a fundamental requirement. Most established vendors excel in providing such integration, saving organizations time and resources. In contrast, building this integration in-house can be time-consuming and expensive, especially when compliance requirements need to be addressed. Dedicated passwordless authentication vendors bring years of experience, ensuring compatibility across a wide range of devices and regulatory environments.

3. Seamless Integration and Backend Infrastructure Support

The tech landscape is no longer homogeneous. Maintaining compatibility across various hardware and software versions can be a significant challenge when building in-house. Dedicated vendors can simplify this process by integrating seamlessly with an organization’s existing backend infrastructure, including cloud Hardware Security Modules (HSMs) and Secret Stores. This integration capability minimizes extensive code changes.

4. Maintenance Challenges: Keeping Pace with Specifications

Staying abreast of evolving FIDO and WebAuthn specifications is crucial for passkey solutions. Organizations often underestimate the effort and resources required for ongoing maintenance when building in-house. Partnering with experienced authentication vendors ensures that passkey features remain up-to-date, reducing maintenance burdens and allowing organizations to stay focused on their core objectives.

5. Reducing Development Risks and Project Failures

Homegrown development carries inherent unknown unknowns, particularly when implementing a paradigm like passkeys for the first time. Organizations may overlook critical factors or encounter unexpected challenges, resulting in higher costs, delays, or compromises on user experience. Partnering with an established passwordless authentication provider mitigates these risks by leveraging their extensive experience and lessons learned from successful passkey deployments.

6. Capitalizing on Investment and Experience

While building a passkey solution independently may seem appealing from a cost perspective, it often fails to account for hidden expenses and missed opportunities. Unknown unknowns can be costly both in terms of time and money. Leveraging a vendor like Nok Nok, with expertise and a wealth of investment in FIDO-based implementations, ensures a smoother fit into existing infrastructure and access to valuable intellectual property.

Conclusion

While building a solution from scratch may appear cost-effective or a better fit for existing infrastructure, it often underestimates the maintenance challenges, development risks, and missed opportunities. By leveraging a traditional passwordless vendor’s comprehensive passkey features, organizations can ensure a complete, scalable, secure, and future-proof implementation, benefiting from the expertise and investment of a trusted industry leader.

11 Oct

3 Min read

Ditch the Passwords and Embrace Passwordless Solutions for Effortless E-Commerce

October 11, 2023 Nok Nok News 0 comments

In our hyper-connected digital era, where online shopping is an integral part of our lives, the cumbersome process of creating and managing passwords has become a significant roadblock for e-commerce platforms. A study by NordPass reveals that a typical internet user juggles between 70 to 80 different passwords, highlighting the complexity users face in managing their online identities. It’s high time we explore more convenient and secure alternatives to passwords to enhance the online shopping experience.

Imagine signing up for e-commerce websites with the same ease and simplicity you experience when unlocking your mobile device using facial recognition or a finger swipe. The prospect is intriguing, practical and when done correctly, more secure. Biometric authentication could potentially revolutionize the way we interact with online platforms, particularly in the realm of e-commerce.

One of the costly issues faced by e-commerce sites is shopping cart abandonment, which accounts for a staggering $18 billion in lost revenue annually. A significant portion of this abandonment stems from the cumbersome process of creating a password during the checkout process. When users are prompted to create an account with a password, especially when they are trying to complete their transaction, friction is introduced. This friction can discourage potential customers, leading them to opt for a guest checkout and even abandon their carts.

The consequences of this friction extend beyond lost sales. E-commerce platforms miss out on the opportunity to build customer loyalty and gather valuable customer data for tailored marketing strategies. When users opt for guest checkouts, companies lose the chance to personalize their outreach and marketing efforts. Marketing is all about understanding your audience, and the more information a company has about its users, the better they can target and engage prospective customers effectively. Studies show that users who create accounts have a 10% higher average order value.

What if e-commerce websites offered an alternative solution to the traditional password setup, allowing users to employ biometrics for authentication in the form of “one-step checkout” so that customers don’t have to enter their information repeatedly? Passwordless authentication that utilizes biometrics, such as touch ID and Face ID can provide a seamless and secure user experience. No need for complex passwords! Additionally, implementing FIDO-based Passkey authentication solutions, like those offered by Nok Nok, can protect users from the most common type of attack – phishing – making it extremely difficult for malicious actors to gain unauthorized access to accounts. This proactive approach to security not only benefits customers but also strengthens the credibility and trustworthiness of e-commerce platforms.

By embracing passwordless authentication solutions, e-commerce platforms can simplify the onboarding process leading to increased account creation and reduced cart abandonment rates. The seamless experience would encourage users to complete their purchases, engage more often and potentially foster long-term relationships, leading to increased revenue and enhanced customer loyalty.

It’s evident that the traditional method of creating and managing passwords is outdated and cumbersome, particularly in the fast-paced world of e-commerce. Implementing FIDO-based passkey authentication can be a game-changer, providing users with a more convenient and secure means of accessing e-commerce sites. It’s time for the industry to embrace these innovative authentication methods and elevate the online shopping experience for everyone.

05 Oct

4 Min read

Fun and Not so Fun Evolution of Authentication: Nok Nok’s Cybersecurity Month Special Series

October 5, 2023 Nok Nok News 0 comments

In the vast landscape that is the digital world, security is paramount. As technology advances, so does the sophistication of cyber threats. Recognizing this critical need for cybersecurity, the month of October has been designated as Cybersecurity Awareness Month. This observance, which began in the early 2000s, aims to raise awareness about cybersecurity and educate individuals and organizations about the importance of protecting their digital assets.

Throughout this Cybersecurity Awareness Month, we will embark on a fascinating journey through the evolutionary phases/lens of authentication. Authentication, the process of verifying the identity of users and systems, has come a long way from its humble beginnings. From passwords to biometrics, multi-factor authentication (MFA), one-time passwords (OTP), and ultimately passwordless and passkeys, we explore the transitions that have revolutionized the way we secure our digital lives.

Fun-Facts and Not-So-Fun-Facts

The Era of Passwords
Passwords were the pioneers of authentication in the digital realm. Their roots can be traced back to ancient times when watchwords and secret codes were used to gain access to restricted areas. Fast forward to the computer age, passwords became a ubiquitous form of authentication. The word “password” itself can be dated back to the 1960s, gaining prominence with the advent of computing.
Fun Fact: The world’s first password, reportedly used at the Massachusetts Institute of Technology (MIT) in the early 1960s, was “password.”
Not-So-Fun Fact: Weak passwords are still a major vulnerability. “123456” and “password” have consistently topped the list of most commonly used passwords, highlighting the need for stronger authentication methods.

Rise of Biometrics
The 21st century brought forth a paradigm shift in authentication with the integration of biometrics. Biometric authentication uses unique physical or behavioral traits, such as fingerprints, facial recognition, and voice patterns, to verify an individual’s identity.
Fun Fact: The idea of using fingerprints as a means of identification dates back to ancient Babylon, where fingerprints were used on clay tablets for business transactions.
Not-So-Fun Fact: Modern AI makes it easy to create deep-fakes, making spoofing practical, emphasizing the need for a possession factor as well.

Multi-Factor Authentication (MFA)
To enhance security, the concept of MFA (or two-factor) emerged, combining two or more authentication methods. MFA typically involves a combination of something you know (e.g., password), something you have (e.g., smartphone), and something you are (e.g., fingerprint).
Fun Fact: MFA can be traced back to the use of bank ATM cards, which require the card (something you have) and a PIN (something you know).
Not-So-Fun Fact: Phishing attacks can bypass legacy MFA, emphasizing the need for phishing-resistant MFA.

One-Time Passwords (OTP)
OTP is a dynamic authentication method that provides a single-use code, usually valid for a short period. It’s widely used for secure logins and transactions.
Fun Fact: OTPs gained popularity in the mid-2000s and have since become a standard for secure online interactions.
Not-So-Fun Fact: OTPs are easily phishable and users have no easy way of knowing whether they are entering them into a legitimate application.

The Emergence of Passwordless Authentication and Passkeys
In a bid to eliminate the weaknesses associated with traditional passwords, passwordless authentication and passkeys have gained traction. Passwordless authentication often leverages biometrics, device fingerprinting, or cryptographic keys to verify users, while passkeys involve securely stored credentials on devices.
Fun Fact: FIDO (Fast Identity Online) Alliance has played a significant role in the development and adoption of passwordless authentication standards.
Not-So-Fun Fact: The adoption of new authentication methods can be slow due to organizational readiness and resistance to change.

Conclusion

Cybersecurity Awareness Month serves as a timely reminder of the ever-evolving landscape of cybersecurity and the imperative to stay informed and updated. The journey from passwords to passkeys showcases the constant efforts and innovations in the realm of authentication to enhance security and protect our digital footprints. As we celebrate Cybersecurity Awareness Month, let us embrace these advancements and continually strive to bolster our digital defenses for a safer online world.

19 Sep

3 Min read

Nok Nok: Making Mobile Banking More Secure and Convenient

September 19, 2023 Nok Nok News 0 comments

The Mobile Banking Revolution Affords Freedom

Mobile banking has become an integral part of modern life – at least once a month consumers use mobile native and web apps to access their banks. It offers convenience and accessibility, enabling users to manage their finances from home and on the go. From checking account balances to transferring funds and paying bills, mobile banking has revolutionized the way we handle our money. Some of the biggest names in banking aspire to make the “Best Mobile Banking Apps” List.

However, with this convenience comes a significant challenge: security. Even with various risk management requirements and procedures in place, mobile banking transactions can be vulnerable to various threats, including phishing attacks, identity theft, and scalable password attacks. Any banking or financial institution needs to be on top of these rules and threats daily.

Just a Few Benefits of Nok Nok’s Passwordless Authentication

Mobile Banking Without Friction/MFA Fatigue

One of the best ways that banks can keep customers engaged and safe is by reducing user friction. Unlike traditional two-step authentication methods that can be cumbersome, Nok No k simplifies the process. It requires only a single step by the user, eliminating the need for additional codes or passwords.

This streamlined process not only enhances user convenience but also protects against “MFA Fatigue” attacks, where users become frustrated with the complexity of multi-factor authentication and may opt for less secure methods.

Preventing Phishing!

Banks also need to be on the lookout for phishing attacks – which involves tricking users into revealing their login credentials including passwords and even OTPs through deceptive means. Nok Nok’s authentication uses FIDO credentials which cannot be “phished”. There is no “secret” that can be unintentionally shared with an attacker. Customers’ credentials remain confidential and secure, even when they’re away from home.

In addition to preventing MFA fatigue and phishing attacks, Nok Nok reduces user friction, making the overall mobile banking experience safer and more seamless by employing:

Biometric Authentication

Nok Nok’s solution empowers financial institutions to embrace biometric authentication for their customers. This means that only authorized individuals can access sensitive financial data. Biometric authentication leverages unique physical traits such as fingerprints or facial recognition, making it exceedingly secure and challenging to replicate.

Device Trustworthiness

Nok Nok’s solution goes further by evaluating the trustworthiness of the user’s mobile device before granting access to sensitive financial information. If a device is compromised or lacks essential security features, access can be promptly denied.

Scalability

Nok Nok’s authentication platform is purposefully designed to scale seamlessly with the ever-growing demands of mobile banking services. It can efficiently accommodate 10’s of millions of users and devices without compromising the security of financial transactions.

Compliance

Compliance with regulations is paramount in the world of mobile banking. Nok Nok’s solution aligns perfectly with financial industry regulations, ensuring that banking organizations remain compliant with data security and privacy standards.

Conclusion

As the world continues to embrace mobile banking as a fundamental part of modern life, security remains a top priority. Nok Nok’s innovative authentication methods ensure that banking customers can enjoy the benefits of mobile banking without compromising on safety. So, whether you’re planning to simply check your account balance on a lazy Sunday in the backyard or in the parking lot before a little retail therapy – Nok Nok has your back, keeping your financial data secure and accessible with ease.

17 Aug

2 Min read

Test Drive the Nok Nok Passkey Authentication Solution

August 17, 2023 Nok Nok News 0 comments

Before you buy a new car, you test drive it. Sometimes you test drive lots of cars before you make a decision. Not all cars are the same, and they are definitely not the same as your old car. You want to see how the car drives, how the brakes work, cruise control, air conditioning and of course the all important safety features. It is the same when it comes to buying technology solutions – security is paramount. And equally important is the “look and feel” when the solution is customer facing. And now you can test drive the Nok Nok passkey authentication solution.

How often has customer experience ruined your relationship with a brand after the brand has changed an interface? Facebook changed its look and feel almost every two years and it drove their users nuts every time! But what if change made things much better and easier? Like when Apple introduced Touch ID? Nok Nok provides a passkey authentication solution that lets you authenticate your customers quickly and easily across mobile phones, desktop computers and tablets– all without passwords – a delightful change! It won’t look and feel like your old “car,” it will be better, and more secure!

And guess what? You can test drive Nok Nok when you sign up for a free trial. And learn more about how using a Nok Nok passkey authentication solution is the same regardless of your device when you watch the video. And btw – our video is shorter than test driving a car!

Free Trial

Watch Video

11 Aug

3 Min read

Nok Nok at the White House

August 11, 2023 Nok Nok News 0 comments

Discussion on how the Federal government can support and benefit from advances in phishing-resistant authentication.

Matt Lourie, Sr. Director of Engineering

Last month, Nok Nok Labs attended the White House Multifactor Authentication (MFA) Modernization Symposium. This event brought together government and industry leaders to discuss how to achieve full adoption of MFA across federal agencies, as called for in the Executive Order on Improving the Nation’s Cybersecurity.

Many government agencies currently rely on Personal Identity Verification (PIV) and Common Access (CAC) cards for employee authentication. However, these smart cards are not always convenient for remote access and everyday use. Connecting to a separate card reader can negatively impact user experience. As Deputy National Security Advisor Anne Neuberger noted, government policies should not create barriers to MFA adoption.

There was broad consensus among participants at the symposium that to fully implement MFA, the government needs to move beyond legacy technologies and embrace advanced standards like passkeys. Passkeys are a modern type of credential that can help government agencies finally achieve comprehensive MFA deployment. With passkeys, users authenticate using a cryptographic key pair stored on their device, rather than typing in a password, providing phishing-resistant security without the usability drawbacks of traditional second factors. Passkeys are already supported across major platforms and browsers and can be bound to a single device or synced across multiple devices, making them a practical path to securing access for employees, contractors, and citizens across all applications and environments.

It is clear that the transition to full MFA adoption will take thoughtful planning and cannot happen overnight. With over a decade of experience in authentication and as a founding member of the FIDO Alliance, Nok Nok Labs is well prepared to assist agencies throughout this process of transitioning to full MFA adoption. We understand the unique needs of the government and have solutions to deliver robust security and usability at scale.

While modernizing authentication is no small task, the White House symposium reiterated that it must be a priority if we are to defend our digital infrastructure in today’s threat environment. Public-private collaboration will be key to overcoming roadblocks on the path ahead. Nok Nok Labs looks forward to continuing to work with our partners across government as we chart the course to a passwordless future and a more secure online experience.

02 Aug

5 Min read

Most Organizations Still Using Phishable Multifactor Auth

August 2, 2023 Nok Nok News 0 comments

Survey Reveals Majority of Organizations Still Using Phishable Multifactor Methods for Customer Authentication

San Jose, CA – August 2, 2023 – Nok Nok, a leader in passwordless authentication for the world’s largest organizations and Enterprise Strategy Group (ESG), today released the findings of a comprehensive survey on the state of passwords. ESG surveyed over 350 IT, cybersecurity, and application development professionals responsible for identity and access management programs in North America. The results shed light on the challenges organizations continue to face using traditional authentication methods and the increasing interest in passwordless authentication as a more secure and user-friendly alternative. With the availability of low cost cloud CPUs to crack passwords and the prevalence of known accounts/passwords, organizations recognize that passwords are not secure. The survey revealed that traditional authentication methods, such as passwords, are not effective in the face of evolving cyber threats

52% of organizations said eliminating customer passwords had a significant positive impact on revenue. In addition to the expected risk reduction that comes from deploying passwordless authentication for customer-facing apps, removing friction from passwords and MFA positively impacted revenue, customer productivity and satisfaction, and credential-based cybersecurity incidents.

76% of organizations experienced multiple account or credential compromises over the past 12 months. Organizations face a multitude of disparate attack vectors targeting weak authentication methods. Unfortunately, organizations are still not prepared to respond to account or credential compromise, and thus multiple incidents have become the norm.

The survey also highlighted the importance of passwordless authentication for customer-facing applications. Organizations understand the risks of account takeover attacks and the need to secure customer identities. However, a significant portion of customer identities are believed to continue to be insufficiently secured. To mitigate these risks, organizations are prioritizing customer authentication practices, with 36% of the respondents designating authentication as a critical activity.

“In the face of weak passwords and phishable legacy authentication solutions, the survey shows that customer passwordless authentication can deliver a host of security enhancements and increase the user experience,” said Jack Poller, Senior Analyst, ESG. “Benefits include reduced calls to help desk/IT for password resets and account lockouts, to increased customer productivity and satisfaction by eliminating the friction from passwords and MFA, as well as
eligibility to obtain cyber-insurance or reduce rates.”

The findings of the survey indicate that organizations are actively investing in strong authentication, with passwordless authentication gaining traction. Passwordless authentication not only enhances security but also improves the user experience by eliminating the need to remember complex passwords and reducing the reliance on phishable MFA factors.

“This survey reveals that organizations are still relying on the most common, weakest methods of MFA, SMS, and one-time email codes, even when FIDO-based phishing resistant strong authentication is available.,” said Phil Dunkelberger, CEO of Nok Nok. “Major platform vendor ssuch as Google, Apple and Microsoft have all embraced FIDO standards and are rolling out passkeys for consumers. It is time enterprises do the same for their customer authentication.”

For a copy of the results with more detailed information and insights from the survey, please review The State of Passwordless Authentication eBook.

About TechTarget

TechTarget is a leading technology media company that provides trusted and targeted content to enterprise technology buyers and decision-makers. With a network of over 140 technology-specific websites, TechTarget delivers quality content, research, and analysis to help organizations make informed technology purchasing decisions.

About Nok Nok

Nok Nok is a leader in passwordless customer authentication and delivers the most innovative FIDO (Fast IDentity Online) solutions for the passwordless authentication market today. Nok Nok empowers organizations to significantly improve their user experience and security, and reduce operating expenses, while enabling compliance with the most rigorous privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-enabled passwordless customer authentication. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in next-level, multi-factor authentication. Nok Nok’s global customers and partners include AFLAC Japan, BBVA, Carahsoft, Fujitsu Limited, Hitachi, Intuit, Mastercard, MUFG Bank, NTT DATA, NTT DOCOMO, Standard Bank, T-Mobile, and Verizon. For more information, https://noknok.com/.

Nok Nok News

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Nok Nok News

1. Completeness: Beyond the Minimum Viable Product

2. Support for Diverse Environments: Native Apps, Web Apps, Devices, and Regulatory Requirements

3. Seamless Integration and Backend Infrastructure Support

4. Maintenance Challenges: Keeping Pace with Specifications

5. Reducing Development Risks and Project Failures

6. Capitalizing on Investment and Experience

Fun-Facts and Not-So-Fun-Facts

Conclusion

Discussion on how the Federal government can support and benefit from advances in phishing-resistant authentication.

Matt Lourie, Sr. Director of Engineering

Contact Us

Contact and Subscribe

Latest Posts

Navigation

Please complete this form to view and download this resource.

Submit to Download Forms

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.

Please complete this form to view and download this resource.