NAB expects to phase out passwords for internet banking within the next five years, replacing the security measure with passkeys and biometric recognition technology, and this approach has already begun at Ubank.
In an interview with the Sydney Morning Herald this week, NAB Chief Security Officer Sandro Bucchianeri said passwords were becoming increasingly risky in a digital world where cybersecurity breaches are more widespread and identity theft is on the rise.
NAB’s digital bank Ubank has introduced passkeys, a next generation authentication and login method, for customers to simply and securely access their banking app.
Ubank joins a growing number of international online services and payment providers, along with Australian organisations and government agencies, using passkeys.
Once a passkey is created, customers can log into the ubank app in the same way as they would to unlock their mobile device, using fingerprint or facial recognition, a PIN, or swipe pattern.
It uses the trusted device ecosystem of the customer and helps to protect customers against impersonation scams and data breaches because passkeys are never shared with other platforms or websites.
Since June, Ubank’s new-to-bank customers already use passkeys to log into the app. Over the last four months, Ubank has been rolling the technology out to its existing customers who now have the option to set up passkeys via their security settings.
Ubank CEO, Philippa Watson, said: “As part of our digital banking strategy, we are focused on delivering simple and secure digital experiences for our customers who we know want to do their banking in the palm of their hands.”
“We’re proud to be among a growing number of local and global organisations that are introducing passkeys to our customers. It’s just one of the measures we have in place to keep our customers secure, and to protect them against fraud and scams,” she said.
NAB Chief Security Officer, Sandro Bucchianeri said the bank was continuing to invest in and improve its systems to help protect it, and its customers, in the fight against malicious cyber activity.
“When it comes to cyber security and the use of passwords, vigilance is key. Trying to strike the right balance between security and usability is something we’re constantly striving to achieve, but we will always put the security of our customers, and the bank first,” Mr Bucchianeri said.
“Passkey technology is a new way to log in without using a password. Instead of typing something you have to remember, your device proves it’s you by using something you already have – your fingerprint, face, or a secure code on your phone. It’s like having your house automatically unlock when it recognises you – no keys to carry, lose, or steal.
“Unfortunately, we know many people use the same password across multiple sites and platforms which increases their risk to scams and fraud if that password is lost in a cyber attack and sold to other cyber criminals. Passkey removes this risk.
“It’s why we always encourage people to have strong passwords that are unique for each website or platform they use.”
Ubank’s move to passkeys reflects the views of its target customer demographic. In recent research commissioned by the bank, Australians aged between 18 and 43 reported that one of the most effective ways for banks to prevent scams was through encryption and secure authentication to protect their data (52%).
This was in addition to monitoring systems to detect unusual or suspicious activity (56%), additional verification for high-risk transactions (53%), and education about common scams and fraud tactics (40%).
About the research
All figures, unless otherwise stated, are from YouGov. Total sample size was 1311 adults. Fieldwork was undertaken between 31st May – 6th June 2024. The survey was carried out online. The figures have been weighted and are representative of all Australian Gen Z and Millennials (aged 18 to 43).
