With the advanced technologies such as biometrics verification and cryptographic keys, IT around the world is moving towards passwordless authentication for its apps.
Subscribe for more insightful reports at: https://kms-solutions.asia/
2. INTRO.
With advanced technologies such as biometrics verification and cryptographic keys, IT around the world is moving towards passwordless authentication for its applications. Fast Identity Online 2 (FIDO2) is the industry's answer to the global password problem and addresses all of the issues of traditional authentication.

Passwords are a big problem for the financial services industry. It is common for criminals or hackers to compromise passwords through brute force, credential stuffing, dictionary attacks, and phishing or social engineering. According to the Verizon 2021 Data Breach Investigations Report, 89% of breaches within Hacking involve brute force or the use of lost or stolen credentials. To limit the damage of compromised passwords, organizations typically ask users to set overly complex passwords and change them frequently. This practice creates a hassle and big friction in digital processes.

[Figure: the three authentication factors, labelled 3FA: something you KNOW, something you HAVE, something you ARE]

For many IT departments, password support and maintenance are often the largest cost. Password replacement options can help organizations offer convenience and improve user experience without exposure to high security risk. FIDO2 cryptographic login credentials are unique across every website, never leave the user's device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft and replay attacks. Login access to an account is limited to a registered device (something you have) and requires a second factor such as facial or fingerprint recognition (something you are) to unlock the cryptographic keys.
Passwordless Authentication | Intro
3. This practice creates a more convenient authentication experience for users on their digital journeys. Many modern iOS and Android mobile devices have built-in support for facial or fingerprint recognition, so device authentication is performed within a few seconds; this reduces friction in the entire process and lets users access the services they need in a few seconds.
[Illustration: mock app screens titled "3 steps to authenticate your account" (1 Match your fingerprint, 2 Scan your face, 3 Scan your fingerprint), with Got it / Next buttons and a final CONGRATULATIONS! screen]
In passwordless mobile banking scenarios, users provide only a username to initiate authentication. The mobile banking app then presents a device-native dialogue to the user. Once the user provides biometric authentication or a PIN, the unlocked private key is used to sign the authentication request and pass it back to the application.
[Illustration: mock login screen with a single "Your Username" field and a Next button]
Mobile Banking & Passwordless Authentication
Passwordless Authentication | 01
4. • Mobile Frontend is the banking application that wants to authenticate users or confirm a transaction.
• The Frontend component communicates with the Platform Authenticator for the authentication ceremony. The information is then passed to the backend and the Authentication API to finish the transaction.
1st-time onboarding
After a user has registered for a bank account, they must register their mobile device as their primary authenticator. This ceremony can be accomplished in one of the following ways:
• Automatically: The secret keys are sent in encrypted form online. The user has installed the Mobile Banking App, registered their communication channel, performed eKYC procedures and successfully created a bank account; the encrypted data can then be fetched from the Authentication API component.
• QR-coded: A QR code containing all required key information is given to the user during a bank branch visit or sent over a trusted channel such as a video call.
Once registered, the user's mobile device is the key to authenticate as well as to sign transactions.
[Figure: Application Architecture Overview. Components shown: Mobile Banking App (Mobile Frontend, Platform Authenticator, CTAP2), Mobile Backend (Auth API), Authentication API, User Store]
Passwordless Authentication | 02
5. Authentication and Transaction Signing
1. The Frontend triggers authentication initialization.
2. The user provides consent through biometrics or a PIN.
3. The authentication response is sent to the backend for processing.
4. The Authentication API validates the response using the stored credential public key.
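The login flow from slide 3, the onboarding from slide 4 and the four-step ceremony above, as an added example in Go that is not part of the original slides or of any KMS Solutions product. It models the FIDO2 property the intro describes: the key pair is generated inside the device's authenticator and only the public key is stored by the Authentication API. The names (Authenticator, AuthAPI, Assertion), the choice of P-256 ECDSA and the SHA-256 digest over challenge plus client data are assumptions for illustration; a production deployment would use a WebAuthn/CTAP2 library rather than this hand-rolled flow. The one-time challenge is what makes a captured response useless for replay, and binding the transaction details into the signed message is what turns the same ceremony into transaction signing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Assertion is the signed response the mobile app passes back to the backend.
type Assertion struct {
	Username   string
	Challenge  []byte // echoed so the server can match it to a pending ceremony
	ClientData []byte // what the user consented to: a login, or the transaction details
	Signature  []byte // ASN.1 ECDSA signature over SHA-256(challenge || clientData)
}

// digest binds the server challenge and the consented data into one message.
func digest(challenge, clientData []byte) []byte {
	h := sha256.New()
	h.Write(challenge)
	h.Write(clientData)
	return h.Sum(nil)
}

// Authenticator models the platform authenticator inside the user's phone
// (assumed name). The private key is created here and never leaves.
type Authenticator struct{ priv *ecdsa.PrivateKey }

// NewAuthenticator is the on-device half of onboarding: it returns the
// authenticator and the public key, which is all the bank needs to store.
func NewAuthenticator() (*Authenticator, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Authenticator{priv: priv}, &priv.PublicKey, nil
}

// Sign is step 2: biometric or PIN consent unlocks the private key. Without
// that consent nothing is signed, so a locked phone cannot authenticate.
func (a *Authenticator) Sign(user string, challenge, clientData []byte, userVerified bool) (Assertion, error) {
	if !userVerified {
		return Assertion{}, errors.New("user verification failed; private key stays locked")
	}
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, digest(challenge, clientData))
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{Username: user, Challenge: challenge, ClientData: clientData, Signature: sig}, nil
}

// AuthAPI models the backend Authentication API and its user store (assumed name).
type AuthAPI struct {
	users   map[string]*ecdsa.PublicKey // username -> registered credential public key
	pending map[string]string           // hex(challenge) -> username, deleted once used
}

func NewAuthAPI() *AuthAPI {
	return &AuthAPI{users: map[string]*ecdsa.PublicKey{}, pending: map[string]string{}}
}

// RegisterUser finishes onboarding by storing the public key only.
func (s *AuthAPI) RegisterUser(user string, pub *ecdsa.PublicKey) { s.users[user] = pub }

// BeginAuthentication is step 1: the frontend sends only a username and gets a
// fresh random challenge that is valid for exactly one assertion.
func (s *AuthAPI) BeginAuthentication(user string) ([]byte, error) {
	if _, ok := s.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		return nil, err
	}
	s.pending[hex.EncodeToString(ch)] = user
	return ch, nil
}

// VerifyAssertion is steps 3 and 4: the backend receives the response and the
// Authentication API validates it with the stored public key.
func (s *AuthAPI) VerifyAssertion(as Assertion) error {
	key := hex.EncodeToString(as.Challenge)
	if user, ok := s.pending[key]; !ok || user != as.Username {
		return errors.New("unknown or already used challenge (replay?)")
	}
	delete(s.pending, key) // single use: a captured assertion cannot be replayed
	pub := s.users[as.Username]
	if !ecdsa.VerifyASN1(pub, digest(as.Challenge, as.ClientData), as.Signature) {
		return errors.New("signature does not verify with the stored public key")
	}
	return nil
}
```

A login is BeginAuthentication, then Sign with the user's consent, then VerifyAssertion; transaction signing is the same three calls with the transaction details (for instance the account number and amount shown on the confirmation screen) passed as ClientData, so that any change to those details after the user approved them breaks the signature. Because the challenge is deleted when first checked, presenting the same assertion twice is rejected even though the signature itself is still valid.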
FIDO2-based solutions help improve the user experience with faster login and transaction confirmation. In the digital world, they make it simple for users with one-tap confirmation: no need to keep USB tokens or digital token generators. The solution also helps reduce operations cost and reduces helpdesk requests for password resets.
Passwords are going away. The future belongs to passwordless authentication solutions.
[Illustration: mock transaction confirmation screen, "Operation 1 from 1", listing Bank Acc Name: The First Bank; Bank Acc No: 123-45678-912; Sort Code: 5439; Swift Number: HSBCSGSG; IBAN: SG12340000000123456; Amount: $100; ending with a CONFIRMED message and Got it / Next buttons]
Passwordless Authentication | 03
6. KMS Solutions works closely with leading software companies across the globe to bring the most advanced and innovative technologies to Asia Pacific. The focus is to help organizations achieve their business goals through world-class, fit-for-purpose solutions and proven industry best practices. KMS Solutions' success is ultimately measured by the positive impact it makes on the client's business.
To learn more about KMS Solutions, visit https://kms-solutions.asia/