Background
In 2023, a major e-commerce platform, referred to as "the Platform," sought to improve its cybersecurity and user experience by adopting FIDO2 Passkeys technology. This move aligned with the global trend, with over 7 billion user accounts now capable of passwordless logins.
Challenges
Before implementing FIDO2 Passkeys, the Platform faced several critical challenges:
- Phishing Attacks: Traditional password and SMS OTP systems were vulnerable to phishing, compromising user account security.
- High Costs and Poor User Experience: While SMS OTP added security, its high costs and cumbersome user experience reduced user satisfaction.
Solution
The Platform implemented Passkeys as part of its login protection strategy. Instead of traditional passwords, users can now sign in with either their mobile device or a FIDO2 security key. The Thetis FIDO2 security keys use cryptographic key pairs to ensure secure, passwordless authentication, preventing phishing attacks and enhancing login experiences.
Implementation Process
1. Needs Analysis:
- Assessed the system’s shortcomings, identifying security vulnerabilities and user experience issues.
- Determined technical bottlenecks users faced during login.
2. Supplier Selection:
- Selected Thetis.io for its range of FIDO2 security keys, which support USB, NFC, and Bluetooth connections, ensuring broad compatibility with various devices.
3. Technical Integration:
- Integrated Thetis.io’s FIDO2 Passkeys technology into the Platform’s existing system, including backend and frontend adjustments.
- Conducted internal and user testing to ensure system stability and satisfaction.
4. User Training and Promotion:
- Rolled out the new authentication method via email, announcements, and tutorials, providing users with guides on using FIDO2 Passkeys.
Results and Impact
Key Data
- Registered Users: The Platform successfully transitioned the majority of users to the FIDO2 Passkeys system.
- Success Rate: Login success with Passkeys reached 81.5%, compared to 73.2% with SMS OTP.
- Average Login Time: Passkeys reduced average login time to 4.8 seconds, compared to 19 seconds with SMS OTP.
- User Feedback: Users reported enhanced security and convenience, greatly improving the overall experience.
Lessons Learned
- Continuous Improvement: Adopting new technology and changing user habits requires ongoing effort.
- Importance of User Feedback: Gathering and acting on user feedback was key to the project’s success.