Fingerprints, rather than passwords, are what more than a million financial services customers at USAA use to get online. Part of a trend toward multi-factor authentication (MFA), there is no stored list of passwords for hackers to steal.
REUTERS/Fabrizio Bensch
In 2014, San Antonio-based USAA became the first financial institution to roll out facial and voice recognition on a mobile app, says Gary McAlum, USAA’s chief security officer.

Thumbprint recognition followed a few months later.

A year after that, USAA had 1.1 million enrolled MFA users, out of a target population of 5 million mobile banking app users.
“The security model of the Internet is a legacy model, a dying model, based on information that is known — your password or your high school mascot, for instance — all of which is readily discovered from data breaches or from Facebook,” notes McAlum. “Getting away from ‘information that is known’ is imperative to us.”