The Promise of Passkeys
What Banks and Financial Institutions Need to Know
November 21, 2022
Passkeys have been at the forefront of fintech news since May 2022, when Apple, Google, and Microsoft announced their integration of FIDO Alliance protocols for passwordless sign-on using FIDO2 authentication – technology now referred to as “passkeys.”
IT leaders and managers at banks and financial institutions may wonder how consumer attitudes toward passwords and passkeys will impact their current customer identity and access management (CIAM) solutions. Ralph Rodriguez, President and CPO at Daon®, speaks to these concerns and more in an article that just debuted in Fintech Futures.
The FIDO Alliance launched the first specifications for the FIDO2 standard with the World Wide Web Consortium (W3C)’s Web Authentication specification in 2018. FIDO2 enables users to leverage common devices to easily authenticate their identity for online services in both mobile and desktop environments.
As major browsers started supporting FIDO2, websites utilizing these authentication protocols had the ability to replace passwords with cryptographically secure logins. They can now employ more convenient alternatives, like on-device biometrics and FIDO Security Keys.
Leading the Way
As industry leaders, Apple, Google, and Microsoft are playing a critical role in encouraging users to move away from passwords and toward more secure login and authentication factors. But it’s a heavy lift: recent data show that passwords persist like a bad habit, with 68% of consumers reporting passwords as their most used – and least trusted – security measure.
Driving New Consumer Expectations
The progress made by bringing passkeys to market, according to Rodriguez, will have a major impact on consumers’ expectations:
“Apple’s recent announcement of passkey integration will enhance user expectations for quicker, seamless authentication – particularly more biometric authentication – across all online transactions and interactions. Apple has always led the way in consumer adoption of new technology, eventually resulting in commercial and enterprise adoption of the same goods and services. Consumers are already comfortable with biometrics to access their iPhone and other iOS apps (FaceID) – why not leverage this technology elsewhere? According to the FIDO Alliance, 39% of people are familiar with the concept of passkeys – and this familiarity is especially high, at 48%, among 18–34-year-olds.”
While some banks and financial institutions are using advanced, passkey-like or biometric authentication technologies, those that are still relying on passwords and multi-factor authentication need to prepare for a drastic change in consumer expectations. Consumers are now highly aware that passwords alone aren’t secure enough to fend off today’s cybercriminals and fraudsters. And they want companies to meet them halfway when it comes to protecting their personal information.
In fact, Daon just released a new report outlining the results of a global survey of over 3,000 consumers in the U.S. and UK. The data show that, with the increasing use of online financial tools and applications, consumers are getting more concerned about the safety of their online financial information. 81% of respondents said their reliance on these financial tools has made them concerned for the security of their financial information and money.
Compliance and Friction
Rodriguez goes on to advise banks and financial institutions that, while new passkey technologies emerging from Apple and other companies are more secure than passwords, they may not be secure enough to truly protect customers’ online financial data and to comply with financial regulations.
“As banks and other financial institutions continue to create identity proofing and authentication systems, they will need to strike a balance between regulatory and legal requirements pertaining to identity and a seamless consumer experience. Complying with government regulations on anti-money laundering (AML) and know your customer (KYC), a component of AML, is only one of the many compliance requirements that these businesses must follow. In order to comply with these requirements, some organizations may develop cumbersome onboarding procedures, which might annoy legitimate clients and raise desertion rates.”
Fortunately, it is possible – and easy, with solutions like IdentityX® – for companies to stay compliant without creating more obstacles for their customers. Removing friction from the onboarding process is important for customer satisfaction and retention, as well as for reducing costs; attrition rates and regulatory fees can cost companies millions of dollars annually.
Utilizing FIDO2 Technology Today
A recent report by Oliver Wyman and the American Bankers Association states that 85% of U.S. banks rely on usernames and passwords to authenticate customers. This percentage is alarmingly high, and both consumers and companies are starting to take action.
Many companies are already starting to deploy FIDO2 authentication. Identity proofing and authentication leaders have implemented similar capabilities that are FIDO-compliant and, in some cases, even more sophisticated.
It’s clear that consumers are expecting much more rigorous authentication measures to protect their data – and their money. The broader adoption of passkeys will only amplify this expectation, leaving banks and financial institutions with an important decision to make: will they move forward into a passwordless future, or get left behind?