Passwordless Authentication: Basics and Benefits 

As technology advances, so do the ways we protect our data and personal information. Traditional passwords and security Q&A methods are no longer as effective as they once were. That’s why many financial institutions, including banks and credit unions, are now doing away with passwords across some or all channels. Let’s look at what passwordless authentication is, how it works, and why it’s become such a popular security measure. 

What Is Passwordless Authentication? 

Passwordless authentication is a security method that doesn’t require users to enter a password in order to access their accounts. Instead of using traditional passwords, users can use biometrics or one-time codes to prove who they are. It eliminates the need to remember, write down, store, recover, or change passwords. 

Passwordless authentication is becoming increasingly popular because it eliminates the risks associated with traditional passwords, such as phishing attacks and brute force attacks (which occur when hackers try to guess your password). 

How Does Passwordless Authentication Work? 

How passwordless authentication works varies depending on the solution you choose. Generally speaking, there are two popular methods: biometric verification and one-time codes. 

With biometric verification, users can access their accounts by scanning their fingerprint or face, or by speaking to have their voice verified. With one-time codes, users will receive an SMS message or email with a unique code that they need to enter before they can access their account. This code changes every time the user logs in. These single-use codes demonstrate that a user has access to a specific, preauthorized and recognized device. 

Popular Passwordless Authentication Solutions 

There are numerous passwordless authentication solutions available today. There are also many specialized authentication vendors that serve specific markets and use cases. The best passwordless authentication platform to implement depends on the use case and existing tech stack.

Each solution offers different features and levels of security depending on an organization’s needs and user requirements. Here are some examples:

  • Auth0 offers its own range of biometric sensors for fingerprint scanning.
  • Duo Security focuses on two-factor authentication (2FA) and offers both face and fingerprint biometrics.
  • Microsoft’s Azure Active Directory passwordless authentication options include face, iris, and fingerprint scanning as well as PIN gestures. 
  • The MS Authenticator App is a mobile version that uses the device itself, a one-time number and face, touch, or PIN as a passwordless credential.
  • Illuma Shield™ offers passive voice authentication for telephony systems, particularly call center environments in financial institutions. This form of passwordless authentication happens in the background during the initial seconds of natural conversation. 
  • Other providers often use active voice verification that requires users to repeat a spoken phrase such as “My voice is my password.”

How Secure Is Passwordless Authentication?

Is passwordless authentication safe? Passwordless verification measures vary in the level of security they provide. They are typically much more secure than traditional passwords. 

  • Live, real-time biometric authentication is considered highly secure since it can’t be stolen, guessed, phished, or hacked. 
  • One-time passwords (OTPs) are still passwords and can sometimes be intercepted or otherwise overcome by tech-savvy identity thieves.
  • Many passwordless systems include multi-factor authentication to increase the level of overall security. This approach must be carefully considered to balance security vs. convenience for the user.

What Are the Benefits of Passwordless Authentication?

There are numerous benefits associated with using a passwordless authentication solution over traditional passwords:   

Improved User Experience – Passwordless authentication makes it easier for users to access their accounts without having to remember complex passwords or deal with long login processes including security Q&A. With no passwords required, users can quickly access their accounts without worrying about forgetting critical information and being locked out of their accounts by mistake.

Increased Account Security – Since passwords aren’t stored anywhere (either on a central system or on the user side), there are no passwords for hackers to steal and use in account takeover attempts. Passive biometrics in particular are proving very difficult for fraudsters to circumvent. 

Note: There is recent evidence that using a single pre-recorded phrase (such as “my voice is my password”) for active voice authentication may be vulnerable to AI mimicry. However, this is because the AI only has to match a short, known phrase rather than engaging in real-time conversation. Passive voice authentication works very differently and offers much better protection against such attacks. It uses an algorithm for verification that identifies the characteristics of the voice in natural conversation where the caller can say anything (in any language) in real time. Mimicking a targeted voice accurately while engaging in dynamic real time conversations with a human contact center agent is extremely difficult with today’s voice synthesis tools.

Click to learn more about active vs. passive voice authentication.

Operational Cost Savings – Implementing a passwordless solution can provide substantial operational efficiency by reducing interaction time for users. For example, hold times and average call handle times drop substantially in call centers that implement voice verification. The savings from preventing account takeovers are also substantial. Safeguarding user accounts and company reputation is one of the biggest advantages of passwordless authentication.

It’s Easy to See Why Passwordless Authentication Is Popular

By eliminating the need for traditional passwords, users can enjoy increased security while enjoying a seamless account access experience. While passwords will no doubt still play a role in day-to-day access to non-critical account information, highly sensitive information such as bank or credit union member accounts are best protected with biometrics and multi-factor authentication measures.

Is your financial institution looking for ways to increase account security in your call center? Contact Illuma to learn about voice verification.