RSA 2019 – Has Passwordless Authentication Finally Gone Mainstream?

Mar. 22, 2019 | by Frances Zelazny

If you were in San Francisco last week, you would have wondered where the RSA Conference actually was. Personally, I spent a total of 90 minutes in the BioCatch booth over the course of the three days, and much more time outside Moscone Center than on the show floor. That being said, when I was at the trade show proper, there was a continuous crowd, lots of good buzz and conversation, and a palpable energy around when next generation information security will arrive.

“When will passwords finally die?”

“When will cumbersome and annoying multi-factor authentication methods go away?”

RSA 2019 attendees were looking for a future where passwordless authentication is reality. The important refrain? “Please, just show me how!”

I was reminded of this video on passwords, put together at RSA 2013. If shot today, it would have been exactly the same. The most popular password remains “123456” and the second most popular password remains “password.” Yet, we keep at it because the alternative is too much to bear.

According to Dashlane, in 2018, the average American had about 200 accounts that require some sort of password identification. The default response is to use easy to remember passwords, or to reuse passwords. Of course, this is a security expert’s nightmare. But to some degree, do passwords really even matter?

User Convenience Trumps All

“Passwords, passwords go away,

We don’t want you one more day.

You’re not efficient or effective,

Just annoying and disruptive!”

According to a recent Aite Group report, 41% of heavy online users prefer to have passive, behind-the-scenes security as opposed to active authentication. Given that these consumers are probably the most valuable asset that a merchant or bank has, and that the next generation is overwhelmingly digital-first, this large plurality is yet another reminder that focusing on user convenience is what will win over hearts and minds.

This goes for account origination as well. Every step introduces additional friction, so the faster and more seamless the onboarding process is, the more likely the person will complete an application. In fact, 56% of respondents in a recent survey abandoned an online financial application, and when asked why, 40% said too much information was required, 34% said it took too long, and, interestingly enough, 28% said the process would have had to be completed in person.

The repercussions are clear – immediate revenue or transaction loss, lost customer lifetime value, wasted customer management costs, and risk to the brand.

Enabling Secure Experiences Without Compromising Convenience

Of course, the need for authentication and verification cannot be ignored. Besides many regulatory requirements – the New York State Cybersecurity Regulations and Strong Customer Authentication under European PSD2 rules, among others – the fact is, financial transactions involve hefty and sensitive assets that need to be properly protected.

Traditional solutions, though, are not doing the job. At the LATAM and Iberia Fraud Forum, a side event at RSA 2019 hosted by Microsoft, FacePhi, Transmit Security, and BioCatch, much discussion was around the fact that fraudsters are increasingly local, adaptive, and sophisticated and traditional solutions are missing the mark.

A report released a few days after RSA confirms this point – out of 14 active malware controllers that were identified, the majority were in Latin America. Speakers from Banorte, Sabadell, Falabella, and other regional banks explored their experiences in beating these challenges while being cognizant of the user experience for the reasons explained above. The role of AI and machine learning to be able to connect the dots and correlate all types of data points to make informed risk decisions is increasingly important.

Behavioral Biometrics Takes Center Stage at RSA 2019 and Beyond

One of the most interesting developments was the awareness of behavioral biometrics. This was my third RSA with BioCatch and the first where I did not find myself explaining what the technology did as much as I found myself talking about the value that the technology provides, and how it is implemented by tier-one financial institutions all over the world.

People really could envision how this technology would deliver the holy grail – passwordless authentication, real security, and minimal disruptions online – across so many use cases beyond the enterprise. Speaking about the 10-15x ROI that BioCatch customers achieve through the deployment of behavioral biometrics made the implications real and tangible.

So in conclusion:

“Passwords, passwords, your time is done,

New solutions will have won.

The hardest part now is making the change

Workflows, engines to rearrange.

User behavior makes it easy, makes the end game close

Secure and seamless online experiences can be grandiose!”

Learn more about how BioCatch’s behavioral biometrics solution is paving the way to passwordless authentication that puts the user first.

Topics: Continuous Authentication