When it comes to security, enterprises cannot gamble with their customers’ personal data. For SK Telecom, with 14.14 million 5G subscribers by Q1 2023, reliance on traditional passwords simply won’t cut it.
Telecommunication services, being mission-critical, must ensure that their IT infrastructure can withstand various forms of cyberattacks. This is especially crucial now that malicious actors have more sophisticated tools and strategies at their disposal.
To fortify its PASS identity verification services, SK Telecom partnered with the FIDO Alliance, an open industry association advocating for better authentication standards. Frontier Enterprise spoke with Shin Kieun, Manager, Wallet Service Product Team, SK Telecom, and Andrew Shikiar, Executive Director and CMO, FIDO Alliance.
Previously, SK Telecom used passwords to authenticate users of its PASS app.
“Although its internal mechanisms differ from that of a typical password system, this method required users to register a six-digit passcode at the time of subscribing and enter the passcode when authentication is needed,” Kieun explained.
However, the telecom operator quickly recognised that their existing authentication methods posed several security risks, with authentication codes sent via SMS being susceptible to theft.
Lock and key
As a member of the FIDO Alliance, SK Telecom knew it had to step up its authentication methods to prevent exploitation by malicious actors.
Consequently, the telecom operator decided to replace its password-based authentication with passkeys.
“We observed that passkeys are an extremely secure form of authentication while offering greater usability than existing methods. By adding passkeys to our services, we aim to enhance security and convenience for our customers,” SK Telecom’s Kieun said.
Recognising the effort required to design and introduce a more secure form of authentication, SK Telecom decided to leverage an existing one built by FIDO Alliance.
“Firstly, the FIDO Alliance provided various guidelines to refer to when applying FIDO or passkeys. They also provided a number of developer resources to support the implementation of passkeys. These resources include code samples and technical specifications that simplify the integration of passkeys into various platforms and applications. Developers can use these resources to simplify the implementation process and ensure compatibility with the FIDO standard,” Kieun noted.
By receiving the user experience (UX) guidelines for applying passkeys, SK Telecom was able to introduce related technologies to the service more effectively.
According to Kieun, the UX guidelines of passkeys outline best practices, design principles, and user-centric considerations to ensure a seamless and secure passkey authentication experience for end users.
As soon as SK Telecom began implementing passkeys for its PASS app, the company quickly saw a significant authentication success rate.
“The authentication success rate of passkeys in the PASS app is very high at over 90%, which is significantly higher than that of passwords. According to a report released by Google, the average authentication success rate using a password is 63.8%,” Kieun revealed.
As a service provider, SK Telecom’s services and systems are closely monitored by various governmental organisations to ensure the highest level of security. With the adoption of passkeys (or FIDO), the telecom operator reduced the storage of users’ personal information, especially passwords, thereby making it less risky in terms of protecting their information.
“Adopting FIDO-based technology allows us to respond effectively to audits and minimise compliance risks. Moreover, the use of passkeys provides a solution to potential issues with mobile phone user authentication. For instance, it addresses problems that could occur when a mobile phone is lost or stolen, or when an SMS carrying an authentication number is intercepted,” Kieun added.
Indeed, legacy authentication solutions, such as passwords and one-time passcodes are no longer fit to address today’s security problems, FIDO Alliance’s Andrew Shikiar concurred.
“Malicious actors are getting better at disguising themselves as trustworthy entities to obtain sensitive data and personal credentials. Even the savviest of users can fall victim to well-designed phishing attacks,” he said.
Shikiar also highlighted the advantage of passkeys, which eliminate the need to remember complex passwords for multiple accounts, thereby effectively putting an end to password reuse.
“At the FIDO Alliance, we strive to reduce the world’s over-reliance on passwords and provide a simpler user experience with phishing-resistant security. We support passkeys, which provide faster, easier, and more secure sign-ins to websites and apps across a user’s device. Furthermore, they are always strong and phishing-resistant, unlike traditional password-based methods,” he continued.
Unlocking a safer future
Having experienced the ease and security offered by passkeys, SK Telecom plans to use it more actively to simplify user authentication.
“Alongside PASS, we aim to provide users with more secure login and authentication features by applying passkeys to various services provided by SK Telecom, such as a mobile electronic authentication service ‘initial.’ We are also currently working with global platform providers to make passkeys more usable and reliable, and we are looking forward to collaborating with members of the FIDO Alliance,” Kieun said.
Meanwhile, with Google’s recent implementation of passkeys for all Google accounts, the world is seeing an accelerated shift towards passwordless sign-ins, Shikiar remarked.
“It is encouraging to see the momentum of passwordless sign-ins extend beyond the global stage and is also gaining traction in the Asia-Pacific region. SK Telecom is the first company in Korea to adopt passkeys and is among the prominent providers who have embraced passwordless sign-ins in the region, including Yahoo! Japan, NTT DOCOMO, and Mercari in Japan,” he said.
The FIDO Alliance CMO hopes that these high-profile implementations will encourage more businesses and consumers to embrace passwordless authentication, in order to create a safer and more convenient shared digital environment.