Breaking Free from Passwords: Passkeys and the Future of Digital Banking
This page examines passkeys, a new authentication method set to replace traditional passwords.
Passkeys – unveiled in 2022 by major tech companies including Apple, Google and Microsoft – are the result of 10 years of work by the FIDO Alliance.
As passkeys offer a more secure and convenient way to authenticate users, it is no surprise that industry experts believe they will very soon become the standard authentication method used worldwide. In fact, according to the business news channel CNBC, passkeys could become the industry norm within a year.
For financial institutions (FIs), this means rethinking their approach to digital services to take full advantage of the benefits of passkeys.
Here we look at what passkeys are, how they differ from traditional passwords, and how Thales is leading the way in facilitating the seamless adoption of passkeys while maintaining the necessary security and compliance with standards demanded by the financial industry.
Let's jump right in.
“By implementing passkeys, FIs will lead the way in the transition to this technology, and they’re also an excellent opportunity to simplify and secure digital banking.”
Pedro Martinez, Thales
What are passkeys?
Passkeys are cryptographic credentials that meet FIDO Alliance specifications and are used to authenticate users for accessing digital services.
Passkeys’ passwordless authentication typically involves using facial recognition or fingerprint scanning to authenticate a user. This approach can reduce the risk of account takeover through password theft or social engineering attacks while making the login process faster and more user-friendly.
The FIDO (Fast Identity Online) Alliance, a cross-industry coalition established in 2013, aims to develop and promote open standards for strong authentication that can reduce reliance on passwords and improve security for online transactions. FIDO specifications and protocols are designed to work across all devices, platforms, and online services. The FIDO Alliance also provides certification programs to ensure that products and services are interoperable and meet its standards.
Passkeys: the future of digital banking authentication
Nobody likes passwords
Passwords are an outdated method of authentication that often pose a security risk.
They can be forgotten, phished, hacked, or not strong enough, leading to compromised accounts, data breaches, and related costs.
This is where passkeys come to the rescue as a more secure and user-friendly alternative.
Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are phishing-resistant.
Passkeys represent the future of digital banking authentication because they provide a more secure, convenient, and user-friendly authentication method that is better suited to the needs of financial institutions and their customers.
How do we get there?
FIDO standard with industry support
Passkeys are based on FIDO authentication, an open standard that enables passwordless authentication across different devices and platforms. It uses public-key cryptography to secure user identity and protect against phishing attacks.
In essence, passkeys are easier to use than passwords and offer much better resistance to credential phishing, credential stuffing, and similar account takeover attacks.
They will change access to digital services dramatically, bringing lots of benefits for end users and service providers:
Better UX. Passwordless at last.
Enhanced security. Immune to phishing and server data leaks.
Cost savings. Eliminates the most frequent and costly customer care incident: password reset.
Natively available on every device, through every browser or app.
How do passkeys work?
We don’t have to remember passkeys.
The smartphones, tablets and computers we use to access digital services will generate, store and manage our passkeys. We can use them to authenticate to digital services whenever required, simply by performing the same biometric verification we use to unlock our devices.
Passkeys created and managed by the device’s OS synchronise to the device’s cloud – Apple, Google, Microsoft – meaning that they can be quickly recovered if a device is lost.
This is how passkey synchronisation works:
How can passkeys be used for digital banking?
A passwordless future is finally within reach.
Adopting FIDO technology to replace passwords for basic login with passkeys is a no-brainer for any service provider, including FIs.
But FIs need to understand both the benefits and limitations of passkeys to ensure that they are implemented correctly for maximum security in their different ecosystems.
For example, although FIDO authentication can be used for Strong Customer Authentication (SCA), using passkeys for SCA may need some consideration.
Passkeys synchronised over the cloud combine two authentication factors (biometrics plus possession), but they are not uniquely bound to a specific device since they are synced over the device ecosystem.
Many financial regulations, in line with PSD2, require device binding. So, FIs may have to raise the bar on passkeys before implementing them for PSD2/SCA.
The synergy of passkeys and Thales Gemalto IdCloud
The Thales Gemalto IdCloud platform enables FIs to implement passkeys in several ways, ensuring they strike the best balance between security and user experience.
It ensures compliance with financial regulations and meets the security demands of FIs.
Passkeys offer an initial layer of security, while the advanced security features of the IdCloud platform ensure regulatory compliance, effective risk management, and greater security for financial institutions and their customers.
Passkeys and the Thales Gemalto IdCloud platform provide a robust and effective security solution to protect sensitive data and transactions from cyber threats and unauthorised access.
How can Thales Gemalto IdCloud help?
Naturally, Thales Gemalto IdCloud fully supports ‘synced passkeys’, i.e. the standard passkeys synchronised over the cloud.
But it also supports ‘device-bound passkeys’. These passkeys are uniquely bound to the device where they are generated, making them SCA compliant with financial regulations, such as PSD2, and keeping the FI in control.
[Figure: synced passkeys are uploaded to the cloud; device-bound passkeys never leave the device and support Strong Customer Authentication]
Thales Gemalto IdCloud is FIDO2 certified.
The platform offers fully scalable authentication as a service and supports the technology you use today (OTP) and the one you will use tomorrow (FIDO).
Mobilise our experts
While passkeys are great for FIs, it’s important to remember that their implementation must be carefully considered to ensure maximum security.
This is where Thales can provide invaluable advice and support.
We have extensive experience in helping FIs transition from legacy authentication to state-of-the-art solutions, attaining the best possible security and user experience demanded in their services while ensuring compliance, service continuity, reliability and scalability.
Implemented correctly, passkeys will increase security and ensure a better user experience. But it shouldn't stop there.
FIs can further enhance their digital banking authentication security and the user experience by incorporating risk management technologies and risk-based authentication (RBA).
When implemented effectively, such technologies can identify returning good users with high confidence and enable them to benefit from SCA exemption.
Additionally, complete session monitoring can be used to prevent account hijacking and social engineering attacks that can happen after login.
By adopting such measures, FIs can ensure their customers enjoy a secure and seamless digital banking experience.
Passkeys, a passwordless authentication method, have gained popularity due to their improved user experience, lower costs, and enhanced security.
They are poised to replace passwords and become the predominant authentication standard.