Florida-based First Citrus Bank provides premier independent community banking services to individuals, professionals, executives and entrepreneurs. With 70 employees in five locations, First Citrus is ranked in the top five Tampa Bay community banks by asset size.
Struggling with costs, complexities and security issues with passwords, First Citrus sought to increase security and usability for its employees logging into its various systems on shared Windows workstations. After testing several alternative authentication methods, First Citrus turned to FIDO Authentication as the best option to provide strong cryptographic authentication with a much easier passwordless user experience.
Eliminating the password
First Citrus sought to move away from passwords as the primary form of authentication for its employees logging on to its systems on shared Windows workstations. Faced with costly resets and a negative impact on employee productivity, the bank's main objective was to eliminate the need for its employees to enter a password while still providing secure user authentication.
The bank evaluated several desktop authentication options, including smart cards and time-based one-time passwords (TOTPs), but found that these options added friction to its employees’ logins, creating a poor user experience while not providing enough additional security. All of the options it reviewed also still required password entry.
Taking a standards-based approach to passwordless authentication
First Citrus then looked to FIDO Authentication, a standards-based approach to strong authentication. The interoperability that comes with taking a standards-based approach fit well into First Citrus’s broader security strategy.
FIDO standards use on-device public key cryptography to provide stronger authentication than passwords and other forms of strong authentication; user credentials are never shared and never leave the user’s device. The protocols are also designed from the ground up to protect user privacy: they do not provide information that different online services could use to collaborate and track a user across services, and biometric information never leaves the user’s device. This is all balanced with a simple user experience that meets passwordless use cases with native biometrics on the user’s device.
It was important to First Citrus to choose an end-to-end FIDO Certified solution in order to roll out FIDO Authentication to all of its access points with assured security and interoperability. The bank chose to work with HYPR, which offers FIDO Certified platforms for FIDO UAF (mobile-based passwordless authentication) and FIDO2 (mobile and desktop passwordless and second-factor authentication) standards. The mixture of these FIDO specifications allows First Citrus to cover mobile and desktop requirements for user authentication.
Simpler, mobile-initiated authentication for all employees
First Citrus deployed HYPR’s FIDO platform to provide truly passwordless authentication for all of its employees logging into Windows 7 and 10 workstations. Deployment was straightforward: within an hour, the bank was able to have computers leveraging FIDO Authentication. After a several-month evaluation period, First Citrus rolled out the FIDO solution to all of its employees in February 2019.
For First Citrus employees, logging in is now mobile-initiated. They simply use the native biometrics on their mobile device (iOS or Android) to log in to any First Citrus desktop workstation, with far higher security and privacy under FIDO than under the old password model. Employee feedback has been positive; the chief financial officer has joked, “I’ve completely forgotten my password!” HYPR’s FIDO Certified platform has now become a core component of First Citrus’s internal authentication strategy, with the possibility of extending FIDO authentication options to its online banking customers in the future.
OVERVIEW
First Citrus is ranked in the top five Tampa Bay community banks by asset size, with 70 employees in five locations.
Objective
First Citrus sought to eliminate the need for employees to have to enter a password while providing secure user authentication.
Solution
First Citrus implemented HYPR’s FIDO Certified authentication platform, which provides simpler and secure mobile-initiated biometric logins for all employees to Windows workstations.
What’s Next
FIDO and HYPR have now become core components of First Citrus’s authentication strategy, with the possibility of extending FIDO authentication options to its online banking customers in the future.