Background

In 2023, Thetis collaborated with a leading financial institution to address rising cybersecurity threats. Faced with increasing phishing attacks and a need for enhanced user experiences, the institution transitioned to passwordless authentication using FIDO2 Security Keys.

Challenges

  • Phishing Attacks: Phishing attacks increased by 41% in 2023, impacting over 350 million people globally, with the financial sector being the most targeted.
  • User Experience: Traditional authentication methods created friction in the login process, negatively affecting customer satisfaction.
  • Operational Efficiency: Legacy password systems strained IT resources, costing an average of $480 per employee annually due to password-related issues.

The Road to Passwordless Authentication

The financial institution adopted FIDO2 and WebAuthn standards to mitigate phishing risks, which are the leading cause of security breaches.

Solution

Thetis implemented a comprehensive passwordless authentication solution featuring FIDO2 security keys, biometric keys, and contactless keys. These solutions support USB, NFC, and Bluetooth, ensuring robust security across various devices.

Use Cases

  • FIDO2 Security Keys: Secure remote logins, eliminating password reuse issues, a common vulnerability exploited in credential stuffing attacks. Explore FIDO2 security keys.
  • Biometric Keys: Streamlined user experiences with fingerprint recognition, reducing login times and improving satisfaction. Learn more about Biometric Keys.
  • Contactless Keys: NFC-based authentication for mobile applications, providing a frictionless experience for on-the-go access to financial services. Check out our contactless solutions.

Implementation Process

1. Needs Analysis:

  • Identified security vulnerabilities and requirements through thorough assessments.

2. Supplier Selection:

3. Technical Integration:

  • Integrated passwordless technology into existing systems, adjusted both backend infrastructure and frontend user interfaces, and conducted extensive testing.

4. User Training and Promotion:

  • Educated users on the new system through guides, email campaigns, and online tutorials, with ongoing support for a smooth transition. Access training materials.

Results and Impact

  • Enhanced Security: Significantly reduced phishing-related breaches and unauthorized access incidents.
  • User Confidence: Increased trust in digital security measures and improved customer satisfaction metrics.
  • Improved User Experience: Streamlined login processes, reducing average login times and increasing user engagement.

Lessons Learned

  • Continuous Improvement: Regular updates and feedback loops are crucial for maintaining high security standards.
  • Effective User Education: Comprehensive training and clear communication are essential for successful adoption of new security measures.

Due to client confidentiality, specific data has been withheld. This report has been reviewed and approved for publication by our partners. For more information on how Thetis can enhance your organization’s security, contact us today.