“Passwordless” is a buzzword that seems to be everywhere these days, but what are the actual steps that companies can take to reduce or eliminate their reliance on passwords? In this post, we’ll start by highlighting the challenges of more traditional multi-factor authentication (MFA) methods such as passwords and one-time passcodes (OTPs) and then delve into what forward-thinking digital identity and fraud and risk leaders have already begun doing to transition to more advanced and efficient identity authentication solutions such as deterministic authentication through a mobile device. If you’re already familiar with why passwords and OTPs just don’t cut it anymore when it comes to both security and customer experience, feel free to skip past the next section and get right into advanced passwordless solutions.
Why We Need to Move Past Passwords and OTPs
Passwords and OTPs present a sub-optimal experience for customers and, at the same time, are vulnerable to social engineering and other fraud vectors. If you’ve ever felt like pulling your hair out because you couldn’t remember your password or because you were waiting for a one-time passcode that never arrived, you’re not alone.
A recent survey we conducted with OnePoll found that 62% of U.S. consumers said they’d abandon trying to log into an account after just three failed password attempts and 34% would switch providers completely if they’re unable to log into their account easily. From a security perspective, a whopping 81% of hacking-related breaches used stolen passwords and/or weak passwords, demonstrating that passwords are far from effective when it comes to preventing unauthorized users from accessing accounts.
Password resets and OTPs also cost firms millions annually. Given that a single password reset done via a helpdesk or call center can cost around $7, many firms are looking for a more cost-effective and user-friendly approach to authenticating identities.
How Can Companies Transition Away from Passwords and OTPs?
Many leading companies are choosing to go passwordless by adopting more advanced and accurate identity authentication solutions such as deterministic authentication through a mobile device. Deterministic authentication through a cryptographic key such as a SIM card on a mobile device has many benefits:
- Works through something nearly every adult on the planet already has - a mobile phone
- Reduces reliance on OTPs and passwords with passive, deterministic authentication in any channel (mobile, desktop, call center, etc.)
- Enhances customer experience and satisfaction by making logging in easy and seamless
- Authenticates any device anywhere via app push notification or biometrics
- Reduces authentication costs by cutting out OTP and password reset charges
Simply put, identity authentication that leverages mobile signals is more secure because it requires a user to be in possession of their mobile device. Unlike with passwords and OTPs, which hackers can easily gain access to, this “possession check” makes fraud unscalable and costly for fraudsters. Deterministic authentication through mobile signals is also inherently more user-friendly because it uses mobile phones, which most people always have close to them.
What is Prove Auth?
Prove Auth is a next-generation solution for passwordless login and omni-channel authentication. Prove Auth enables companies to reduce reliance on passwords and one-time passcodes (OTPs) and empowers consumers to frictionlessly authenticate from any channel with a 1-tap solution that is simple, cost-effective, and secure.
Prove Auth is powered by Prove’s machine learning platform, Pinnacle, the industry’s most accurate identity decisioning platform, and enables deterministic authentication with low friction, overcoming the limitations of legacy risk-based authentication platforms.
Whether you have a mobile app or need to authenticate your customers in other channels such as mobile web or desktop, Prove Auth has several options for completely passive or partially passive authenticators. For those looking to authenticate outside of the mobile app environment, Prove Auth makes it easy to deploy FIDO2 web-based authentication to either authenticate directly with Prove or utilize on-device biometrics for step-up measures.
How Prove Auth Works & What Makes It Different
Prove Auth leverages the cryptographic key (SIM card) that is in a mobile device to authenticate consumers more accurately because it performs a “possession check” that requires a user to be in possession of their mobile device. This means that fraudsters will not be able to pass this check unless they are physically in possession of a consumer’s device (which is possible but is unscalable and typically not worth a fraudster’s time or effort).
Prove Auth also elegantly uses something that most adults already have in their possession at nearly all times - their mobile phones. Because most consumers are already accustomed to using their mobile phones, there is no learning curve for your customers to overcome. However, unlike OTPs (which also use mobile phones), Prove Auth works passively in the background in most cases so there is none of the friction or frustration of passwords and OTPs.
Prove’s services allow companies and consumers to develop a high level of trust in the use of the phone number as an authenticator for a particular transaction. Prove Auth allows the device itself to inherit that trust by establishing a bind or key between the device and a given identity. After the initial bind, the key can then be used in place of traditional, phone number-based authenticators for the user to prove possession.
Prove Auth Success Stories
- In the financial services sector, a leading Neobank sought to add a “silent” authenticator in their web and SDK user interactions (e.g., account registration). Prove Auth helped fill the gap in their onboarding requirements and daily consumer transaction authentication services, resulting in 115 million successful authentications so far.
- In the public sector, a leading government services firm turned to Prove for a way to improve consumer authentication for their state and federal government entities. Prove Auth advanced their standard SMS OTP process, streamlining authentication while providing added insights for each transaction. This company has already completed over 200 million successful authentications with Prove.
- A leading credit bureau implemented Prove Auth as a way to optimize their consumer registration and credit check process for credit offers prior to lending decisions. Prove Auth has been used for 1.4 million successful authentications and ensures secure, timely decisioning.
- In the retail sector, a national furniture retailer needed to perform registration and initial credit checks for consumers prior to generating contract terms for their furniture rental service. Prove Auth was implemented for initial account generation, securely binding consumers to improve onboarding experience, reduce cart abandonment, and improve transaction security. 90,000 authentications have been completed thus far, resulting in a significant reduction in cart abandonment.