ThumbSignIn launches FIDO2 authentication and biometric e-signing as VP says full passwordless 5 years off
ThumbSignIn has launched an omnichannel authentication solution and biometric e-signing technology with FIDO2 to advance the move to biometric passwordless authentication. In an interview with Biometric Update, Aman Khanna, the company’s VP of Product, shared insights on the recently launched omnichannel security offering, e-signing biometric technology, what it means to be FIDO2 certified and predictions on what to expect next.
Biometric omnichannel security
By introducing an omnichannel security offering as a single method of authentication, ThumbSignIn delivers secure authentication across multiple channels. The best example is of a user having to be physically present in a branch to interact with their bank or credit union, to make a credit card payment at a point of sale, withdraw money from an ATM or reach out to a call center. However, a user could also go to that organization’s website or download the bank’s mobile app for convenience.
From a security perspective, Khanna explained, as the number of touch points between a consumer and the services accessed has increased, automatically adding vulnerabilities to the attack surface, an omnichannel solution makes interaction more convenient and secure.
If we consider user experience, the authentication process can really make a difference. It is far more accessible to type a password into a website than on a mobile app, as a user might be multi-tasking when on the phone. It would be fairly inconvenient to say passwords out loud for authentication. In an omnichannel environment, however, the goal is to “deliver a seamless user experience without compromising security,” Khanna said.
ThumbSignIn’s platform easily integrates with online services to ensure seamless biometric authentication across all touch points. By using fingerprint recognition or face ID, users can authenticate themselves into any channel.
Deployment opportunities and importance of FIDO standards
When asked about deployment opportunities, Khanna said the technology could easily be deployed in the banking and hospitality industries to provide a frustration-free experience. In a casino resort, for instance, there are many points of interaction. As soon as guests check in with the front desk, they can use the offering to order room service, pay for TV channels or access a variety of services. With security attacks spiking in these environments, “the platform would considerably reduce phishing attacks as well as password-related compromise,” Khanna explained.
The healthcare industry could definitely benefit from an omnichannel security product, he added, to boost security and productivity for doctors who need access to different systems online, on mobile or via a kiosk. With an omnichannel security platform, healthcare organizations could save time and costs, as staff would no longer have to type passwords into each system they need to be logged in to.
ThumbSignIn recently went through a rigorous certification process to be FIDO2 certified by the FIDO Alliance. The adoption of FIDO2 last year by the W3C (World Wide Web Consortium) as a standard for strong online authentication has driven interest in support for FIDO standards. According to Khanna, it might be more appropriate to see the FIDO2 protocol as a “banking protocol,” rather than an upgrade to the firewall. Compliance with FIDO2 means ThumbSignIn provides support for authenticators such as YubiKeys and biometric sensors, among others.
FIDO adoption roadblocks and the future of security regulation
“The reason the FIDO2 standard is taking time to become universally adopted has less to do with the standard itself or the technological capabilities,” Khanna says.
The bureaucracy around having to change facilities and a lack of education on the topic are among the roadblocks to the global adoption of FIDO standards. However, organizations are slowly making the transition to passwordless environments; it is just a process that will take another three to five years, Khanna believes.
It is likely that highly regulated industries, such as financial services, law enforcement and government that “have to comply with certain standards published by NIST or PSD2,” will be the first to adopt the standards.
“I expect FIDO2 authentication, which is resistant to phishing attacks, to be more natural and recognized. The current environment is likely to accelerate the adoption of this technology,” Khanna believes.
Security regulation will face more rigorous changes around privacy, as standards similar to the EU’s GDPR and California’s Consumer Privacy Act (CCPA) are expected to emerge worldwide. Companies will start showing more interest in regulatory compliance, as the cost of non-compliance will increase and losing customer trust would have a detrimental impact on any organization.
Changes in user perception
In the past four years, users have become more comfortable with biometric authentication for security purposes, because they have understood how convenient the entire experience is compared to memorizing dozens of unique, complex passwords. Smartphones now supporting biometric modalities have greatly contributed to users getting more familiar with the concept of unlocking their phones with a fingerprint, for example.
No doubt, biometric standards will be widely adopted, as the younger generation views biometric authentication as a top option for online services. As the number of cases where scammers have tried to take advantage of the coronavirus outbreak to scam passwords out of people through phishing attacks has spiked, COVID-19 will undoubtedly speed up the adoption of passwordless biometric authentication. It might even convince older generations to join in to protect their assets.
“People are getting used to using fingerprints to unlock their phone. A lot has to do with changing perception, and I expect more and more people to adopt biometric standards. Millennials and younger people who are entering the workforce are much savvier about this,” Khanna explained. “They go native. They natively think about authentication as being biometric. There will be a generation that will take biometrics first, rather than as an option.”
Biometric electronic signing of documents
ThumbSignIn now offers biometric electronic signing of documents that lets users leverage leading e-signature applications and biometric authentication methods such as fingerprint and facial recognition. Whenever a user wants to sign a document electronically, they first have to confirm their identity, which is done through biometric technology. This service could be used to sign a bank loan agreement, and it can be easily integrated with any platform and device that supports biometric modalities. For users with an older-generation laptop that does not support biometrics, a push notification is sent to the registered mobile device for authentication. This is an agnostic platform that works with any biometric modality, yet the experience really depends on device capability.
What the future brings
Further down the road, more industries will appreciate the importance of biometric omnichannel authentication and FIDO standards, as consumers will be introduced to a wider variety of case studies for biometric deployment such as unlocking their homes. Khanna expects a notable growth of voice and behavioral biometrics, as they require no effort from the user and can deliver a seamless and frictionless experience. “This is why we call it silent authentication,” he says. “People will get authenticated without explicitly having to do it, so they will use it more frequently.”