FIDO Approach, Biometrics Keep Secrets from Mobile Malware

As concerns rise over mobile banking malware, Nok Nok Labs is highlighting the advantages that its authentication strategies—and those of the FIDO Alliance—offer in combating related fraud.

FIDO Approach, Biometrics Keep Secrets from Mobile MalwareWritten in response to a Wall Street Journal feature on such security issues, a new blog post by Todd Thiemann on Nok Nok Labs’ website points out FIDO’s approach to security can effectively counter one of the main attack vectors for mobile banking malware: The secret, such as a password, shared between the user and the financial institution.

While malware can seek to hack that secret from the financial institution’s end, the FIDO approach requires that the private ‘keys’ used to sign such secrets are on the user end. That means the user’s secret can’t be hacked without access to her device. For Nok Nok Labs, with its S3 Authentication Suite, that private key could be in the form of biometric authentication, such as a fingerprint scan. That makes the approach even more secure, since biometric data can be very difficult to emulate or spoof.

It’s an approach that is being embraced by a growing number of organizations, and it’s easy to see why, given the fundamental simplicity of its underlying logic that ensures only the user has what is need to access sensitive data.