This page examines passkeys, a new authentication method set to replace traditional passwords.
Passkeys – unveiled in 2022 by major tech companies including Apple, Google and Microsoft – are the result of 10 years of work by the FIDO Alliance.
As passkeys offer a more secure and convenient way to authenticate users, it is no surprise that industry experts believe they will very soon become the standard authentication method used worldwide. In fact, according to the business news channel CNBC, passkeys could become the industry norm within a year.
For financial institutions (FIs), this means rethinking their approach to digital services to take full advantage of the benefits of passkeys.
Here we look at what passkeys are, how they differ from traditional passwords, and how Thales is leading the way in facilitating the seamless adoption of passkeys while maintaining the necessary security and compliance with standards demanded by the financial industry.
Let's jump right in.
“By implementing passkeys, FIs will lead the way in the transition to this technology, and they’re also an excellent opportunity to simplify and secure digital banking.”
Pedro Martinez, Thales
What are passkeys?
Passkeys are cryptographic credentials that meet FIDO Alliance specifications and are used to authenticate users for accessing digital services.
Passkeys’ passwordless authentication typically involves using facial recognition or fingerprint scanning to authenticate a user. This approach can reduce the risk of account takeover through password theft or social engineering attacks while making the login process faster and more user-friendly.
Passkeys: the future of digital banking authentication
Nobody likes passwords
Passwords are an outdated method of authentication that often poses a security risk.
They can be forgotten, phished, hacked, or not strong enough, leading to compromised accounts, data breaches, and related costs.
This is where passkeys come to the rescue as a more secure and user-friendly alternative.
Enter passkeys
Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are phishing-resistant.
Passkeys represent the future of digital banking authentication because they provide a more secure, convenient, and user-friendly authentication method that is better suited to the needs of financial institutions and their customers.
How do we get there?
FIDO standard with industry support
Passkeys are based on FIDO authentication, an open standard that enables passwordless authentication across different devices and platforms. It uses public-key cryptography to secure user identity and protect against phishing attacks.
Passkeys are already available on Apple platforms (iOS and macOS), Android, Chrome and Windows, reflecting massive support from the industry.
They will change access to digital services dramatically, bringing lots of benefits for end users and service providers:
- Better UX. Passwordless at last.
- Enhanced security. Immune to phishing and server data leaks.
- Cost savings. Eliminates the most frequent and costly customer care incident: password reset.
- Natively available on every device, through every browser or app.
How do passkeys work?
We don’t have to remember passkeys.
The smartphones, tablets and computers we use to access digital services will generate, store and manage our passkeys. We can use them to authenticate to digital services whenever required simply by doing the same biometric verification we use to unlock our devices.
Passkeys created and managed by the device’s OS synchronise to the device’s cloud – Apple, Google, Microsoft – meaning that they can be quickly recovered if a device is lost.
[Figure: how passkey synchronisation works]
How can passkeys be used for digital banking?
A passwordless future is finally within reach.
Adopting FIDO technology to replace passwords for basic login with passkeys is a no-brainer for any service provider, including FIs.
But FIs need to understand both the benefits and limitations of passkeys to ensure that they are implemented correctly for maximum security in their different ecosystems.
For example, although FIDO authentication can be used for Strong Customer Authentication (SCA), using passkeys for SCA may need some consideration.
Passkeys synchronised over the cloud combine two authentication factors (biometrics plus possession), but they are not uniquely bound to a specific device since they are synced over the device ecosystem.
Many financial regulations, in line with PSD2, require device binding. So, FIs may have to raise the bar on passkeys before implementing them for PSD2/SCA.
The synergy of passkeys and Thales Gemalto IdCloud
The Thales Gemalto IdCloud platform enables FIs to implement passkeys in several ways, ensuring they strike the best balance between security and user experience.
The result?
It ensures compliance with financial regulations and meets the security demands of FIs.
Passkeys and the Thales Gemalto IdCloud platform provide a robust and effective security solution to protect sensitive data and transactions from cyber threats and unauthorised access.
How can Thales Gemalto IdCloud help?
Naturally, Thales Gemalto IdCloud fully supports ‘synced passkeys’, i.e. the standard passkeys synchronised over the cloud.
But it also supports ‘device-bound passkeys’. These passkeys are uniquely bound to the device where they are generated, making them compliant with the SCA requirements of financial regulations such as PSD2, and keeping the FI in control.
| | Synced passkeys | Device-bound passkeys |
|---|---|---|
| GREAT FOR | Password replacement | Strong Customer Authentication |
| MANAGED BY | Device OS | Mobile app |
| PRIVATE KEY | Uploaded to cloud | Never leaves the device |
| DEVICE BINDING | No | Yes |
| PSD2 COMPLIANCE | No | Yes |
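
An added example, not from the original page and not Thales code: in a WebAuthn assertion, the backup-eligibility (BE) and backup-state (BS) flags of the authenticator data let a relying party tell a synced passkey from a device-bound one, and the rpIdHash check is what makes an assertion produced for a look-alike site useless. It assumes the assertion signature has already been verified; `classify`, `build_sample`, the policy strings and the `bank.example` RP ID are hypothetical.

```python
import hashlib
import struct
from dataclasses import dataclass

# Bits of the flags byte in WebAuthn authenticator data.
UP, UV, BE, BS = 0x01, 0x04, 0x08, 0x10

@dataclass
class AuthData:
    rp_id_hash: bytes
    user_present: bool
    user_verified: bool
    backup_eligible: bool   # BE: credential may be synced to a cloud account
    backed_up: bool         # BS: credential is currently backed up
    sign_count: int

def parse_auth_data(raw: bytes) -> AuthData:
    """Parse the fixed header: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags = raw[32]
    if flags & BS and not flags & BE:
        raise ValueError("BS set without BE is not a valid combination")
    (count,) = struct.unpack(">I", raw[33:37])
    return AuthData(raw[:32], bool(flags & UP), bool(flags & UV),
                    bool(flags & BE), bool(flags & BS), count)

def classify(raw: bytes, expected_rp_id: str, require_device_bound: bool) -> str:
    """Hypothetical relying-party policy: 'accept' or 'reject:<reason>'."""
    ad = parse_auth_data(raw)
    # Origin binding: an assertion made for another RP ID carries another hash.
    if ad.rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        return "reject:rp_id_mismatch"
    if not (ad.user_present and ad.user_verified):
        return "reject:no_user_verification"
    # SCA policy assumed here: a backup-eligible credential is not device-bound.
    if require_device_bound and ad.backup_eligible:
        return "reject:synced_credential"
    return "accept"

def build_sample(rp_id: str, flags: int, count: int = 1) -> bytes:
    """Constructed authenticator data for the demo (no real authenticator involved)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", count)

if __name__ == "__main__":
    synced = build_sample("bank.example", UP | UV | BE | BS)
    bound = build_sample("bank.example", UP | UV)
    print(classify(synced, "bank.example", require_device_bound=False))
    print(classify(synced, "bank.example", require_device_bound=True))
    print(classify(bound, "bank.example", require_device_bound=True))
```

With `require_device_bound=False` the same function serves plain login, where a synced passkey is acceptable; the stricter setting is the one a payment or SCA step would use.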
Thales Gemalto IdCloud is FIDO2 certified.
The platform offers fully scalable authentication as a service and supports the technology you use today (OTP) and the one you will use tomorrow (FIDO).
Mobilise our experts
While passkeys are great for FIs, it’s important to remember that their implementation must be carefully considered to ensure maximum security.
This is where Thales can provide invaluable advice and support.
We have extensive experience in helping FIs transition from legacy authentication to state-of-the-art solutions, attaining the best possible security and user experience demanded in their services while ensuring compliance, service continuity, reliability and scalability.
Implemented correctly, passkeys will increase security and ensure a better user experience. But it shouldn't stop there.
FIs can further enhance their digital banking authentication security and the user experience by incorporating risk management technologies and risk-based authentication (RBA).
When implemented effectively, such technologies can identify returning good users with high confidence and enable them to benefit from SCA exemption.
Additionally, complete session monitoring can be used to prevent account hijacking and social engineering attacks that can happen after login.
By adopting such measures, FIs can ensure their customers enjoy a secure and seamless digital banking experience.