Multi-factor authentication goes mainstream

Goodbye username plus password, hello smartphone plus thumbprint

Fingerprints, rather than passwords, are what more than a million financial services customers at USAA use to get online. Part of a trend toward multi-factor authentication (MFA), there is no stored list of passwords for hackers to steal.

biometrics fingerscan smartphone REUTERS/Fabrizio Bensch

In 2014, San Antonio-based USAA became the first financial institution to roll out facial and voice recognition on a mobile app, says Gary McAlum, USAA's chief security officer. Thumbprint recognition followed a few months later. A year after that, USAA had 1.1 million enrolled MFA users, out of a target population of 5 million mobile banking app users.

"The security model of the Internet is a legacy model, a dying model, based on information that is known -- your password or your high school mascot, for instance -- all of which is readily discovered from data breaches or from Facebook," notes McAlum. "Getting away from 'information that is known' is imperative to us."

To continue reading this article register now

Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.