Keep up to date with the trending topics
from our industry experts

Passwords – The beginning of the end in 2024

Written by Dan O’Hara

Friday, 15 March, 2024

Webinar: This is your Microsoft Copilot speaking, we’re ready for financial services take off

On demand

Learn how this powerful AI tool can help you create, analyse and communicate better with your data.

Microsoft Copilot Webinar

How the financial services industry is leading the way to a password-free world

Passwords have been the default method of authentication for online services for decades, but they are also the source of many security breaches and user frustrations. According to a recent report by Microsoft, 81% of cyberattacks are caused by compromised passwords, and the average person has to remember 100 passwords across different accounts. Passwords are not only inconvenient, but also risky, as they can be easily stolen, guessed, or forgotten.

That’s why the financial services industry, along with other sectors, is moving towards a password-less future, where users can access corporate systems without having to type in a password. Instead, they can use biometric factors, such as fingerprint, face, or iris recognition, or a physical device, such as a smartphone, a smart card, or a security key. These methods are more secure, as they rely on something the user has or is, rather than something they know or remember. They are also more convenient, as they eliminate the need to create, remember, and reset passwords.

Why is password-less login coming?

The move to password-less login is driven by several factors, including:

  • The rise of cloud computing and mobile devices, which enable users to access their data and services from anywhere, anytime, and on any device.
  • The increasing sophistication and frequency of cyberattacks, which target passwords as the weakest link in the security chain.
  • The growing demand for user-centric and frictionless experiences, which require fast and easy access to online services.
  • The compliance and regulatory requirements, which mandate higher levels of security and privacy for sensitive data and transactions.

But wait, I have multi-factor authentication (MFA), do I still need password-less login?

MFA can reduce the risk of password-based attacks, but it does not eliminate them completely. For example, hackers can still use phishing, malware, or SIM swapping techniques to intercept or steal the second factor. Moreover, MFA can be cumbersome and frustrating for users, especially if they have to enter codes every time they log in or switch devices.

Password-less login solves these problems by removing passwords altogether and replacing them with stronger and simpler factors, such as biometrics or devices. Password-less login is more secure, as it relies on unique and hard-to-replicate attributes of the user or their device. It is also more convenient, as it reduces the friction and hassle of logging in, and improves the user experience.

Who is involved in the password-less login movement?

The password-less login movement is supported by various industry players, such as:

  • Technology providers: Companies such as Microsoft, Google, Apple, and Samsung are developing and promoting password-less login solutions, such as Windows Hello, Google Titan, Face ID, and Samsung Pass. These solutions leverage the biometric and device capabilities of their products and platforms, as well as their identity and cloud services.
  • Standard organisations: Groups such as the FIDO Alliance, the World Wide Web Consortium (W3C), and the OpenID Foundation are creating and adopting password-less login standards, such as FIDO2, WebAuthn, and OpenID Connect. These standards enable interoperability and compatibility among different password-less login methods and online services.
  • Industry associations: Associations such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Open Banking Implementation Entity (OBIE), and the Better Identity Coalition are advocating and facilitating the adoption of password-less login in the financial services sector, as well as other sectors. These associations provide guidance, best practices, and resources for password-less login implementation and innovation.

The password-less login movement is gaining momentum and traction, as more users and organisations recognise its benefits and potential. Password-less login is not only a trend, but a necessity, as the digital world becomes more complex and demanding. Password-less login is the future of secure and convenient access, and the financial services industry is leading the way to a password-free world.

Would you like to know more about your organisation moving to a more secure, password-less environment?

Our services

Our 4 pillars for a complete choice of managed IT services - all tailored to the needs of financial services firms in London and the UK.

Finance Forward 365 - Microsoft 365 cloud services supported by experts

Finance Forward 365

Microsoft modern workplace & cloud technology for digital transformation.

Compliant Teams -  Microsoft Teams phone system with call recording and archiving

Compliant Teams

Increased productivity & collaboration with call recording whilst reducing costs.
Cyber security solutions for financial services

Cyber Security

Keep your data secured against rapidly changing threats within Financial Services.

Responsive IT managed services for financial services

Power BI

Business Intelligence transformation and support tailored for Financial Services.

Follow us:

Pin It on Pinterest

Share This