Learn about Finom’s integration of FIDO2/WebAuthn for an enhanced user experience and security. Gain an insight into the future of financial safety.


Passkeys (FIDO2/WebAuthn) are necessary tools for ensuring your digital security. According to Verizon’s 2023 Data Breach Investigations Report, 83% of all data breaches are financially motivated. Of this huge chunk, 49% happened because of stolen credentials. Finom deals with financial transactions all over the world. Therefore, it’s very important to incorporate the latest technologies to protect our clients.

But what do these tools actually do? This article aims to provide a comprehensive overview. It includes technical aspects of passkeys, details on their practical implementation, and a look at the broader implications for the industry.

Passkeys: Understanding the Basics

To fully understand the value of this tech, you should first understand the fairly more technical terms that passkeys are known as FIDO2 and WebAuthn. The following paragraphs will shed some light on this matter.

What Is FIDO2?

FIDO2 is the general term used for all passwordless authentication open standards. With FIDO2, you can access devices through platform authenticators - such as biometry scanners - that are embedded into the device itself. Recognizable examples are fingerprint readers and face recognition. This means that you can go passwordless even without roaming authenticators - such as USB security keys - which act like a physical key and aren’t tied to any particular platform. This is thanks to the FIDO Alliance, an open industry association that has the main goal of eliminating user reliance on passwords.

FIDO2 is composed of two things: Web Authentication (WebAuthn) and Client to Authenticator Protocol (CTAP). In this discussion, we will only focus on the former, since it’s more relevant to the end user.

What Is WebAuthn?

Web Authentication API is built by the FIDO Alliance and World Wide Web Consortium to allow servers to authenticate users without using a password. Instead, it makes a public-private key pair that connects authenticators from applications like Apple’s Touch ID, so a password is not required. 

So, how does WebAuthn work within the FIDO2 framework? It’s pretty much the same as with CTAP, where the general purpose is to get rid of passwords. But the focus here is the server side instead of the user side. With WebAuthn, it’s much easier for a web service provider such as Finom to use strong authentication methods.

The Importance of Advanced Authentication in Finance

Remember how we mentioned that 83% of phishing is financially motivated? This means that hackers are mainly targeting the financial sector. Based on the information from VMWare’s Modern Bank Heists 5.0, it’s obvious that this particular sector is facing some unique challenges:

  • Hackers are getting more creative with targeting the financial sector. Instead of attacking directly, they implement something called island hopping. They go after constituents and associated third parties until they get to the real target.
  • Ransomware is seeing a comeback. 74% of banks experienced at least one ransomware attack, of which 63% actually paid the ransom.
  • They can’t just throw money at the problem. Many of the major financial institutions plan to increase their budgets by as much as 30%. But as we’ve seen, this doesn’t guarantee anything. Hackers may just discover new ways to exploit the systems.

Finom’s Adoption of Passkeys

Because of how dangerous the situation is getting, we know that industry and GDPR compliance won’t cut it. Finom has taken the important step of adopting passkeys into our services.

How Does Finom Implement Passkeys?

In the spirit of keeping things as simple as possible, Finom eliminates the need for passwords. This means there’s nothing to remember or lose, which limits potential vulnerability to phishing and hacking. Instead of a password, we use biometrics, something that’s uniquely yours and cannot be forgotten or lost.

How Do Finom’s Clients Benefit from Passkeys?

Clients who value ease of use will definitely love passkeys. It’s one less password to remember, ensuring that you can quickly access your account with no issues. Still, the major highlight of this technology is its ability to provide enhanced security. Phishing and unauthorized access attempts are rendered useless since the password alone won’t be enough to enter the app.

User Experience with Passkeys

Generally, the user experience with passkeys is positive. They make the login process seamless and secure. Industry-wise, passkeys eliminate operational costs for password databases and ensure bulletproof digital security.

It’s also worth noting that even if the phone is lost altogether, the passkeys are still synced in the cloud by Apple, Google, or Microsoft. This means you can just as easily use a different device to access your accounts.

Cybersecurity is evolving towards wider acceptance and usage of passkeys. With this technology, the human factor will have a smaller impact on digital safety. The same goes for users of financial services, including our clients at Finom.

The Future of Authentication in Financial Services

Today, you already see biometric authentication used on a lot of devices. We’re expecting that its usage will even be wider in the future, making this mode of authenticating even more prevalent, until it eventually becomes the norm. With more businesses in the financial sector seizing the power of passkeys, we hope that passwords will soon be a thing of the past. When it comes to money exchange, passkeys will most likely be used in place of passwords on a large scale.

Our priority is always to make our services as convenient and as safe as possible for all of our clients. We will always examine the value of emerging technologies and incorporate those that will improve the security of our services. In so doing, we hope to elevate the security standards of all users within the financial sector.

How Do Passkeys Work in Promoting Security in the Financial Industry?

Passkeys limit the vulnerability of users when they access their accounts. In the financial industry, this is becoming even more important because of the potential for financial losses. Using a passkey means there’s no password to phish, making it harder for anyone else but you to get in.

Hackers are getting more and more creative. By using modern authentication methods like Passkeys, we’re enhancing security while also improving the user experience. So, you’ll definitely see this implemented in more web services across various enterprises. To a safer future in the financial industry and beyond!

Receive the latest business and tech trends every week!

Enjoy the Highest Level of Security When Using Finom’s Services

Finom uses passkeys to ensure that only authorized persons get access to a Finom account. Do you want to learn more about Finom’s range of financial services? Check out the links under the Products tab at the bottom of the page. Additionally, if you want to know more about the sign in process at Finom, read our in-depth guide on passkeys.

The benefits of having higher requirements for access go beyond the financial industry. Limit the potential of phishing and hacking by using these modern authentication solutions for your personal accounts as well.


Is it possible to hack passkeys?

It’s nearly impossible to hack passkeys, since they are designed in a way that prevents them from being phished or stolen. Your passkeys are securely tied to your Finom account and are safely stored on your device. Unlike passwords, passkeys are resistant to hacking and are always protected.

Do I need a password manager app for passkeys?

No, you don’t need a password manager app for passkeys. They can be stored directly on most mobile and computer OSes, in hardware tokens, in built-in secure vaults, or on cloud services.

Is my biometric data (like fingerprints or facial recognition) stored on Finom’s servers?

No. We don’t store any biometric data from desktop or mobile devices. In fact, this kind of information never leaves your device.

How do passkeys protect against phishing and hacking attempts?

As a result of differences in domains, passkeys can’t be used on phishing sites. Cryptographic keys and challenges ensure that it’s really you who’s trying to gain access.

What happens if I lose my device or security key?

If one of the devices containing a passkey is lost, you can simply sign in to the account using another passkey. If you lose all of your passkeys, you can restore your password to regain access to the account.

Can I still access my account from a different device?

You can sign into your account using any device, as long as you are able to confirm your identity by using a passkey. For example, if you’re signing in on your computer, you can use a passkey from your phone.

Is there a backup method for logging in if the passkey method fails?

If you have lost access to all of your passkeys or are having any other type of issue regarding your passkey, you can always restore your password. By doing so, you can remove all passkeys and sign in as usual. In any case, our support team will do its best to help you regain access to your account.

Will passkeys work with all operating systems, browsers, and platforms?

According to FIDO Alliance, passkeys are supported by Microsoft Edge, Google Chrome, and Apple Safari web browsers. Android, iOS, as well as Windows 10 and higher also support passkeys. Since passkeys are integrated into these platforms, they also provide better support. It’s important to note that the iOS and Android versions need to be passkey-compatible. Some older versions of computer operating systems may also have trouble with passkeys, but for the most part they work well as long as the browser used is compatible.


Last articles