Multi-factor authentication goes mainstream

Goodbye username plus password, hello smartphone plus thumbprint

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Fingerprints, rather than passwords, are what more than a million financial services customers at USAA use to get online. Part of a trend toward multi-factor authentication (MFA), there is no stored list of passwords for hackers to steal.

biometrics fingerscan smartphone REUTERS/Fabrizio Bensch

In 2014, San Antonio-based USAA became the first financial institution to roll out facial and voice recognition on a mobile app, says Gary McAlum, USAA's chief security officer. Thumbprint recognition followed a few months later. A year after that, USAA had 1.1 million enrolled MFA users, out of a target population of 5 million mobile banking app users.

"The security model of the Internet is a legacy model, a dying model, based on information that is known -- your password or your high school mascot, for instance -- all of which is readily discovered from data breaches or from Facebook," notes McAlum. "Getting away from 'information that is known' is imperative to us."

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.