CVS Health is a U.S. healthcare organization that includes multiple operating divisions including retail with CVS Pharmacy, which has nearly 10,000 locations across America. CVS Health also includes a large healthcare insurance business that integrates assets from Aetna.
As of Q2 2023, CVS Health is using passkeys for consumer logins to their mobile web service.
The Challenge/ Use Case
The key focus for CVS Health is to ensure integrity and confidentiality of customer data. The overall user experience also needs to be positive, to drive traffic to CVS’s digital assets.
CVS Health is on a path to help make its consumer authentication experience not only secure, but easier to use. CVS Health is also on a path toward enabling password-less experiences for consumers wherever possible.
“For the external user, they would just simply walk away, if the user log in experience is cumbersome, in any way,” Cisa Kurian, senior security advisor at CVS Health commented. “Good security is always a balance between security and usability.”
How CVS Health Uses FIDO To Secure Its Users
CVS Health is building out an authentication platform to provide password-less authentication capabilities in its web, mobile, IoT and voice applications. Passwordless authentication is enabled with biometric authentication using FIDO standards
“Our goal is to increase friction for a potential threat actor, while enabling ease of use for the legitimate user,” Kurian said.
By adopting a FIDO based approach, CVS Health is able to provide an easier authentication experience for its users. Making the login experience more seamless also helps to improve the overall user experience as well.
“We chose FIDO because the standards are open, and allow for simpler and stronger authentication that is based on public key cryptography,” Kurian said. “In other words, it’s easy to use and more secure, at the same time.”