Banking’s Authentication Problem Has Changed

Banks are no longer fighting simple password reuse. They’re facing real-time phishing kits, MFA fatigue, session hijacking, AI-powered social engineering, and more.

Traditional MFA methods, such as OTP via apps, out-of-band SMS, and mobile push approval, continue to leave financial institutions vulnerable because:

  • They are still based on insecure passwords
  • They are increasingly bypassed

To make matters worse, compliance pressure is on the rise, with regulations such as DORA, Strong Customer Authentication (SCA) mandates, and Federal Financial Institutions Examination Council (FFIEC) guidance clamping down on how banks maintain resilience, develop code, and manage risk.

Yesterday’s access management solutions are no match for today’s emerging risk landscape. And yet the need for bulletproof financial authentication has never been higher.

As a result, phishing-resistant, cryptographic authentication, specifically FIDO, is rapidly emerging as the new baseline for banking security. The momentum behind passkey-based authentication extends well beyond the financial sector. Major technology providers including Microsoft, Google, and Apple have integrated support for passkeys across their platforms, helping accelerate mainstream adoption of FIDO-based authentication standards. The FIDO Alliance has also reported growing industry adoption as organizations seek phishing-resistant alternatives to passwords and traditional multi-factor authentication methods. As passkeys become increasingly familiar to consumers through everyday digital experiences, financial institutions are gaining a clearer pathway to deploying stronger authentication without sacrificing user convenience.


More

Cyberscoop: NIST urged to include multi-factor authentication in cyber framework

In this Cyberscoop article, FIDO Alliance Executive Director Brett McDowell and Jeremy Grant of the…

Read More →

Cyberscoop: It’s time to put multi-factor authentication in the NIST Cyber Framework

In this article in Cyberscoop, Executive Director Brett McDowell explains why multi-factor authentication is a…

Read More →

The Paypers: You can now meet PSD2 authentication requirements while improving user experience

In this article in The Paypers, FIDO Alliance Executive Director Brett McDowell explains how FIDO…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.