Intellicheck Identity Verification Report June 2024 Banner

MultiFactor Authentication Meets Passkeys To Address eCommerce Usability Concerns

multi-factor authentication on laptop

When it comes to payments and digital commerce, proper security is a necessity.

And with the news that Amazon Web Services (AWS) is pushing ahead with making multi-factor authentication (MFA) mandatory for certain users, striking a productive and seamless balance between user experience and security is top of mind for businesses operating in the modern, digital economy.

That’s because, in today’s commerce landscape, security alone isn’t enough — any protections need to be integrated frictionlessly into the user experience, too.

After all, traditional security protocols, while secure, often fall short in terms of usability, leading to poor adoption rates. For instance, complex password requirements can result in users creating easily memorable, and therefore weak, passwords. Usable security, like the embrace of MFA, helps to address this issue by ensuring that security measures are intuitive and easy to use, thereby increasing compliance and reducing vulnerabilities.

“Passkeys are more resistant to phishing attacks than passwords,” Sébastien Stormacq, principal developer advocate at AWS, wrote in a recent blog post. “First, it’s much harder to gain access to a private key protected by your fingerprint, face, or a PIN code. Second, passkeys are bound to a specific web domain, reducing the scope in case of unintentional disclosure.”

MFA is the among the simplest and most effective tools that can be deployed against credential-based attacks, particularly credential stuffing, credential spraying, and brute-force type of attacks.

And by enhancing protection against cyber threats, mitigating human error, and building customer trust, businesses can contribute to raising the overall level of security in the digital commerce ecosystem, benefiting everyone involved.

Read more: The Passkeys Primer: Making Sense of the New Security Paradigm

The Imperative of Usable Security and Cyber Hygiene

Multi-factor authentication is a cornerstone of usable security. MFA requires users to provide two or more verification factors to access an account or perform a transaction. These factors can include something the user knows (a password), something the user has (a smartphone or security token), and something the user is (biometric verification such as a fingerprint or facial recognition). This layered approach significantly enhances security by making it much harder for unauthorized individuals to gain access.

“What you want is a system that is designed to let in good actors as easily as possible, and that presents enough of a barrier to deter bad actors,” Siddharth Vijayakrishnan, SVP of product and financial intelligence at FIS Platform and Enterprise Products, told PYMNTS.

AWS, per its statement, is allowing customers to use Apple Touch ID on their iPhones, as well as Windows Hello on their laptops, as an authenticator, then use that same passkey as an MFA method to sign in to their AWS console across multiple devices.

“We’ve all had times when you try to buy something and it doesn’t go through and you have to call your bank and they tell you there’s something suspicious about the transaction,” Mark Nelsen, senior vice president and global head of consumer payments at Visa, told PYMNTS CEO Karen Webster in mid-May. “With Passkeys, if you do the facial scan immediately upfront, you can do that real quick check. That means all these transactions will go through seamlessly and you no longer have to confirm your identity after the fact.”

Read more: Digital IDs and Biometrics Upgrades Define Future of Transaction Security

The Role of MFA in Future-Proofing Digital Commerce

In the digital marketplace, trust is a valuable commodity. Customers are more likely to engage with and remain loyal to businesses that demonstrate a commitment to protecting their data. Implementing robust security measures like MFA and educating users about these measures can significantly enhance customer trust. This trust translates into increased customer retention and a stronger reputation in the market.

After all, knowledge is power. When users understand the importance of cyber hygiene and how to implement it, they are more likely to take ownership of their security.

PYMNTS Intelligence has found that the widespread adoption of passkeys by Google, Microsoft and Apple has generated excitement about the move away from passwords.

And ultimately, when businesses collectively prioritize usable security and cyber hygiene, it sets a standard for the entire industry. This collective effort can make it more difficult for cybercriminals to succeed, creating a safer environment for all participants in the digital commerce ecosystem. As more businesses adopt these practices, they contribute to raising the overall level of security in the industry, benefiting everyone involved.