This page examines passkeys, a new authentication method that looks set to replace traditional passwords.
Passkeys – which were unveiled in 2022 by major tech companies including Apple, Google and Microsoft – are the result of 10 years of work by the FIDO Alliance.
As passkeys offer a more secure and convenient way to authenticate users, it is no surprise that industry experts believe they will very soon become the standard authentication method used worldwide. In fact, according to business news channel CNBC, passkeys could become the industry norm within a year.
For financial institutions (FIs), this means rethinking their approach to digital services in order to take full advantage of the benefits of passkeys.
Here we look at what passkeys are, how they differ from traditional passwords, and how our Thales Gemalto IdCloud platform is leading the way in facilitating the seamless adoption of passkeys while maintaining the necessary security and compliance with standards demanded by the financial industry.
Let's jump right in.
“By implementing passkeys, FIs will lead the way in the transition to this technology, and they’re also an excellent opportunity to simplify and secure digital banking.”
Pedro Martinez, Thales
What are passkeys?
Passkeys are cryptographic credentials that meet FIDO Alliance specifications and are used to authenticate users to digital services.
Passkeys’ passwordless authentication typically involves using facial recognition or fingerprint scanning to authenticate a user. This approach can reduce the risk of account takeover through password theft or social engineering attacks while making the login process faster and more user-friendly.
Passkeys: the future of digital banking authentication
Nobody likes passwords
Passwords are an outdated method of authentication that often pose a security risk.
They can be forgotten, phished, hacked, or simply not strong enough, leading to compromised accounts, data breaches, and related costs.
This is where passkeys come to the rescue as a more secure and user-friendly alternative.
Enter passkeys
Passkeys’ passwordless authentication allows users to log in to their accounts using a passkey, biometric data or other authentication factors without a password.
This method enhances security and improves the user experience by eliminating the need to remember and type in passwords.
Overall, passkey technology represents the future of digital banking authentication, because it provides a more secure, convenient, and user-friendly authentication method that is better suited to the needs of financial institutions and their customers.
How do we get there?
Meet FIDO passkeys
FIDO passkey technology is an open standard that enables passwordless authentication across different devices and platforms. It uses public-key cryptography to secure user identity and protect against phishing attacks.
The technology can be used with biometrics, tokens, or other authentication factors to provide a passwordless solution that meets different industries' security and usability needs.
Based on the FIDO authentication protocol, passkeys are already available on Apple platforms (iOS and macOS), Android, Chrome and Windows.
They will change access to digital services dramatically, bringing lots of benefits for end users and service providers:
- Better UX. Passwordless at last.
- Enhanced security. Immune to phishing and server data leaks.
- Cost savings. Eliminates the most frequent and costly customer care incident: password reset.
- Natively available on every device, through every browser or app.
How do passkeys work?
We don’t have to remember passkeys.
The smartphones, tablets and computers we use to access digital services will generate, store and manage our passkeys, and we can use them to authenticate to digital services whenever required simply by doing the same biometric verification we use to unlock our device.
Passkeys created and managed by the device’s OS synchronise to the device’s cloud – Apple, Google, Microsoft – meaning that they can be quickly recovered if a device is lost.
[Figure: how passkey synchronisation works]
How can passkeys be used for digital banking?
A passwordless future is finally within reach.
Adopting FIDO technology to replace passwords for basic login with passkeys is a no-brainer for any service provider, including banks.
But FIs do need to understand the feasibility of passkey implementation and ensure that the technology is implemented in the right way for maximum security in their different ecosystems.
For example, although FIDO can be used for Strong Customer Authentication (SCA), using passkeys for SCA may need some consideration.
Passkeys that are synchronised over the cloud combine two authentication factors (biometrics plus possession), but they are not uniquely bound to a specific device since they are synced over the device ecosystem.
Many financial regulations, in line with PSD2, require device binding. So, FIs may have to raise the bar on passkeys before implementing them for PSD2/SCA.
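The distinction between synced and device-bound passkeys is visible to the relying party: WebAuthn authenticator data carries a backup-eligible (BE) and a backup-state (BS) flag alongside user presence and user verification. The following is an added example, not code from Thales or the FIDO Alliance, showing a server-side policy that accepts a synced passkey for login but asks for step-up when the purpose is SCA. The RP ID `bank.example`, the function names and the sample data are assumptions, and signature verification against the stored public key is assumed to have already succeeded.

```python
import hashlib
import struct

# WebAuthn authenticator data flag bits (flags byte at offset 32).
UP, UV, BE, BS = 0x01, 0x04, 0x08, 0x10

def parse_auth_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte header: rpIdHash | flags | signCount."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags = auth_data[32]
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & UP),
        "user_verified": bool(flags & UV),
        "backup_eligible": bool(flags & BE),   # credential may be synced
        "backed_up": bool(flags & BS),         # credential is currently synced
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }

def evaluate(auth_data: bytes, rp_id: str, purpose: str) -> str:
    """Return 'accept', 'step_up' or 'reject' for purpose 'login' or 'sca'."""
    try:
        d = parse_auth_data(auth_data)
    except ValueError:
        return "reject"
    if d["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return "reject"   # assertion was scoped to a different RP ID
    if not (d["user_present"] and d["user_verified"]):
        return "reject"   # no biometric/PIN verification on the device
    if d["backed_up"] and not d["backup_eligible"]:
        return "reject"   # inconsistent flags: BS requires BE
    if purpose == "sca" and d["backup_eligible"]:
        return "step_up"  # multi-device passkey: not bound to one device
    return "accept"

def make_auth_data(rp_id: str, flags: int, count: int) -> bytes:
    """Build constructed sample authenticator data for the demo."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", count)

RP_ID = "bank.example"  # hypothetical relying party ID
SYNCED = make_auth_data(RP_ID, UP | UV | BE | BS, 0)
DEVICE_BOUND = make_auth_data(RP_ID, UP | UV, 7)

if __name__ == "__main__":
    for name, data in (("synced", SYNCED), ("device-bound", DEVICE_BOUND)):
        print(name, evaluate(data, RP_ID, "login"), evaluate(data, RP_ID, "sca"))
```

The flags are reported by the authenticator itself, so a deployment that relies on them for device binding would normally pair this check with attestation at registration.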
The synergy of passkeys and Thales Gemalto IdCloud
The Thales Gemalto IdCloud platform enables FIs to supplement passkeys with additional measures that help protect sensitive data and transactions from unauthorised access, data breaches and cyber attacks.
The result?
It ensures compliance with financial regulations and meets the security demands of FIs.
Overall, passkeys and Thales Gemalto IdCloud platform work together to provide a comprehensive security solution for FIs.
Together, they offer a robust and effective security solution to protect sensitive data and transactions from cyber threats and unauthorised access.
How can Thales Gemalto IdCloud help?
Naturally, Thales Gemalto IdCloud fully supports multi-device passkeys synchronised over the cloud.
But it also supports passkeys uniquely bound to the device where they are generated, making them compliant with the SCA requirements of financial regulations such as PSD2, and keeping the FI in control.
 | FIDO multi-device credentials | FIDO single device credentials |
---|---|---|
GREAT FOR | Password replacement | Strong Customer Authentication |
MANAGED BY | Device OS | Mobile app |
PRIVATE KEY | Uploaded to cloud | Never leaves the device |
DEVICE BINDING | No | Yes |
PSD2 COMPLIANCE | No | Yes |
Gemalto IdCloud is FIDO2 certified.
The platform offers fully scalable authentication as a service and supports the technology you use today (OTP) and the one you will use tomorrow (FIDO).
Mobilise our experts
While passkeys are a valuable tool for FIs, it’s important to remember that their implementation needs to be considered carefully to ensure maximum security.
This is where Thales can provide invaluable advice and support.
We have extensive experience in helping FIs transition from legacy authentication to state-of-the-art solutions, attaining the best possible security and user experience demanded in their services while ensuring compliance, service continuity, reliability and scalability.
Implemented correctly, passkeys will increase security and ensure a better user experience. But it shouldn't stop there.
FIs can further enhance their digital banking authentication security and the user experience by incorporating risk management technologies and risk-based authentication (RBA).
When implemented effectively, such technologies can identify returning good users with high confidence and enable them to benefit from SCA exemption.
Additionally, complete session monitoring can be used to prevent account hijacking and social engineering attacks that can happen after login.
By adopting such measures, FIs can ensure their customers enjoy a secure and seamless digital banking experience.