Goodbye passwords, passwordless authentication is here to stay

Let’s explore the basis for this prediction and the future of passwordless authentication.

Account Takeover (ATO) fraud is becoming a bigger challenge by the day. It has impacted every vertical from ecommerce to digital wallets, online banking, telecommunication, and healthcare. Fraudsters continually exploit every possible avenue to obtain and use PII.  Once they have your data, they apply sophisticated machine learning to evolve attack strategies to stay a step ahead of fraud prevention tools. The most commonly used ATO techniques include:

• Phishing or man-in-the-middle attacks to steal account credentials and intercept one-time passcodes to reset account passwords;
• Credential stuffing: automated testing of stolen usernames and passwords at multiple websites with the intent of taking over a large set of accounts all at once;
• Use of stolen or openly available data to answer Knowledge-Based Authentication (KBA) security questions.

Why passwordless authentication is emerging as a better option 

User authentication technologies have evolved over the years since password technology came about in 1961. Today authentication methods that rely on shared secrets are taking a back-seat to standards-based passwordless solutions that prioritize security and low customer friction. 

Different types of authentication are:

From a recent Visa survey of 1,000 U.S. consumers, majority of respondents preferred biometric authentication to password-based authentication. The most commonly cited benefits of biometric authentication among respondents were: 

How passwordless security works

The biggest difference is that the use of shared secrets such as passwords, PINs, OTP is replaced with public-key cryptography. Private keys are stored within secure enclave areas of your phone device and your smartphone’s biometric technology such as FaceId or TouchId is used to unlock the credentials and then verified against an authentication server using public key cryptography. 

The ‘Apple Secure enclave’ or ‘ARMS Trustzone in Android’ is an isolated processor built into the device. Even if your device gets stolen or gets infected with malware, the credentials stored within the secure enclave cannot be tampered without the biometric sensors which only the device owner should have: a unique TouchId or a FaceId.

Paswordless security with biometrics is the path forward for a frictionless & secure consumer experience 

Ecommerce merchants, financial services, banks alike seeking to provide a higher quality user experience and increase consumer trust in their authentication processes must look to the future and consider implementing biometric authentication.

Vesta solutions 

Vesta’s Account Protect is our newest offering and provides safe, speedy and secure online experiences for it’s customers, and is a fully orchestrated fraud protection platform that protects account lifecycle activity - from activation to activity monitoring. It incorporates passwordless authentication and comes with a fully automated digital onboarding package.

About Srividya Sunderamurthy

Srividya Sunderamurthy is a highly successful product management leader who has led end-to-end product strategy and launch of fraud and AML solutions in small to medium-sized fast-paced startups and large-scale technology companies. She currently leads the product strategy within Vesta Corp.

About Vesta

Vesta is a fintech pioneer in fraud protection and fully guaranteed payment technologies, helping online merchants, major telcos, payment processors, and acquirers optimise revenue by eliminating the fear of fraud. The company’s flexible, scalable solutions enable companies to grow their businesses by focusing on revenue rather than risk, delivering secure, frictionless transactions that maximise acceptance and improve customer experience – all backed by a zero-fraud-liability guarantee.