Are we heading towards a passwordless future?

Past articles have discussed the power of biometrics in enabling larger organisations to achieve the often-dichotomous goals of security and convenience, an accomplishment that hasn’t gone unnoticed among fintechs. However, for many fintechs, biometric authentication has remained an elusive goal. Here, we’ll explore how current attitudes and sentiments towards passwords and biometrics are evolving and what it will take to drive an evolution (and perhaps revolution) beyond outdated passwords in the broader fintech industry.  

Current Attitudes and Sentiments 

A recent industry survey offered insights into current attitudes towards passwords among general consumers and small to mid-sized businesses (SMBs). While the inherent weaknesses of passwords are well-acknowledged in the industry, what’s surprising is the extent to which consumers just can’t seem to take it anymore. According to the survey, more than half of consumers have given up on purchasing a product or service because they couldn’t remember their password; more than half said that having to go through a password reset process has negatively impacted their mood and their day; almost half have experienced “password rage,” defined as experiencing password stress and fatigue; and a majority (two out of three) avoid or dread the password reset process.

While this survey reflected attitudes among general consumers and SMB owners, we can only surmise that users of popular fintech apps (for example, personal finance, digital banking and investment trading mobile apps) would have equal, if not more extreme reactions, given the sensitivities involved in accessing one’s money and personal financial information.  

Fintechs under pressure  

In this context, an easy, seamless authentication process becomes a key competitive differentiator, and responses from SMB owners reinforce this. Again, we consider emerging fintechs a microcosm of this group that would likely hold similarly strong if not more acute attitudes: 

• Almost 95% of SMB owners (500 employees or less) view delivering an easy authentication experience as an important differentiator;  

• More than 65% of SMB owners have gotten feedback from customers and/or employees indicating frustration with passwords; and  
• 57.8% of SMB owners would allow employees to replace passwords with biometrics. 

As impatience and dissatisfaction with more traditional authentication methods grows, fraud is only growing as well, particularly in some burgeoning areas of fintech, which is why fintechs have an average fraud rate that’s double that of credit cards and triple that of debit cards. Consider as an example Buy-Now-Pay-Later, or BNPL, where the most popular type of fraud is account take-over - when a fraudster takes over an existing BNPL account and uses it to make unauthorized purchases. BNPL fraud grew by 66 percent between 2020 and 2021, most likely a result of consumers’ poor password hygiene. According to recent studies, almost half of all consumers using BNPL use the same password across multiple BNPL accounts, greatly increasing their susceptibility to fraud. 

Moreover, fintech areas like BNPL are only getting more competitive every day, and an estimated 90 percent of fintechs are expected to fail due to lack of differentiation. Delivering a highly secure, seamless authentication experience is surely one way to stand out, but there’s a conundrum. If a fintech focuses too much on security, it may endanger the user experience; but if it focuses too much on convenience, it increases the risks for fraud, regulatory non-compliance and revenue loss. Lightning-fast, highly secure biometrics are an extremely viable answer, but the problem is they have traditionally required special hardware or equipment and advanced technical development, which most fintechs, particularly in the startup world, simply can’t afford.  

Bidding Farewell to Passwords Once and For All 

It is important for fintechs to overcome barriers and bring biometrics into practice. But what is it going to take to get there? 

• A more accessible, efficient delivery model - One would think that the use of biometrics would be quickly adapted to the cloud. But to date, the biometrics industry has traditionally not been cloud-native, and this needs to change. Moving to a cloud or SaaS-based model can negate the cost and time requirements of implementing biometrics, as this up-front work would be handled by the biometrics provider. 
• Data security and privacy assurances - From the very beginning of the cloud computing era, security has been a concern. To this end, biometrics providers need to implement both biometric and non-biometric best practices to ensure the security and privacy of biometric data in the cloud, at every step in the process - for example, encryption of all data in transit, erasure of data at various intervals and no storage of personally identifiable information and more. 
• Crystal-clear communications and options - Fintechs should always provide a clear option for users to choose not to store their biometrics in the app and instead log in with a password or other form of authentication. It’s not likely many users will choose this option, but it’s important to offer it no matter how technologically sophisticated a group of users (like those found in fintech) may be, as this is a cornerstone for building and maintaining trust.  

A new generation of users opting for biometric innovation

The great news for fintechs is that Gen Z’ers and Millennials constitute their largest proportion of users, and not surprisingly, this is the same age group that reports being the most receptive to new biometric authentication techniques. Therefore, a fintech’s ability or inability to deliver on this preference will certainly play a role in the “survival of the fittest.” To date, cost and time requirements have been a hurdle. But fortunately, this is changing through new innovations enabling smaller, emerging fintechs to more easily, quickly, and cost-effectively bring the crucial combination of security and convenience to their authentication processes.

About the author: Bob Eckel is the President and CEO of Aware - a leading global provider of biometrics software products, services, and solutions