How ineffective are passwords as a means of authentication?
Consider this key piece of information from Chris Doner, CEO/founder of Access Softek, a mobile banking software development firm:
“All the fraud that’s reported to us—every single instance—has come from the member voluntarily giving the fraudster their password,” Doner says. “Even if you have fail-proof security and you have figured out a security system that doesn’t compromise security, members are still going to give up their passwords.”
While in most cases members give up their passwords unwittingly, biometrics offers a much more secure alternative, Doner says.
And just as importantly, he said, biometric authentication is no longer just around the corner; it’s already here.
“Everywhere you need to authenticate a member, you should think about implementing biometrics,” he says.
The first and easiest place to offer biometric authentication is through the mobile channel, usually through a user’s thumbprint.
“We live in a mobile-first world,” Doner said. “Mobile is where growth is strongest and where adoption is most readily accepted.”
Doner recommends providing users with a “nudge” to adopt biometrics.
For example, you might allow deposits up to $5,000 without biometric authentication, but require biometric authentication for deposits of higher amounts.
Credit unions that offer members the option of using both a password and biometric authentication undermine their cybersecurity defenses, Doner says
“They can still be tricked into giving the password to somebody,” he says. “That leaves the whole system vulnerable, even though a lot of people are using biometrics. We have to get to a point where biometrics is the only option.”
To reach that point, Doner suggests removing the password option from one member segment at a time—perhaps starting out with new members—and offering other members the option of using only biometric authentication.
“Some members are always going to be averse to change,” he says. “We just have to recognize that and work with them.”
Donor addressed a breakout session at the CUNA Technology Council Conference and CUNA Operations, Sales & Service Council Conference in Las Vegas.