For more than four decades, passwords have been the dominant mechanism used to authenticate users in the digital world. From email access to online banking platforms, the combination of username and password became the universal standard for digital security.

However, the current cybersecurity landscape shows that this model has reached its limits.

The rapid growth of phishing, credential theft, AI-assisted social engineering and deepfake attacks has turned passwords into one of the weakest links in digital security.

As financial services, e-commerce platforms and digital public services continue to expand across Latin America, protecting digital identity has become one of the most pressing challenges organisations face.

The structural problem with passwords

The main weakness of passwords is not technological — it is human.

Users reuse passwords, create weak combinations, or share credentials across multiple services. Cybercriminals are fully aware of this behaviour and have developed attack methods specifically designed to exploit these vulnerabilities.

Today, a large proportion of security incidents originate from compromised credentials.

Attacks such as:

• phishing
• credential stuffing
• account takeover
• social engineering

continue to be responsible for a significant share of data breaches worldwide.

The situation has intensified across Latin America. According to Kaspersky’s Threat Landscape report, phishing attempts reached record levels in the region, with 1.291 billion attacks blocked over the last twelve months, equivalent to around 3.5 million attempts per day.

The shift towards a passwordless world

In response to this growing threat landscape, a new authentication paradigm has begun to emerge: passwordless authentication.

This approach removes the reliance on passwords and replaces them with more secure and user-friendly mechanisms such as biometrics, device-based authentication or cryptographic keys.

Major technology companies and industry alliances are actively driving this transition. The FIDO Alliance, for example, brings together organisations such as Apple, Google and Microsoft to accelerate the adoption of passwordless authentication standards.

The goal is simple: to make digital access both safer and easier for users.

Decentralised biometrics: a new model of digital identity

One of the most promising approaches within the passwordless model is decentralised biometrics.

Unlike traditional biometric systems, where biometric data is stored in centralised databases, this model ensures that biometric information always remains on the user’s personal device.

This offers two major advantages:

• it eliminates the risk of massive biometric database breaches
• it links each digital transaction to the real physical identity of the user

In other words, authentication no longer depends on something a user remembers, but on who the person actually is.

How this model is being adopted across Latin America

Organisations across the region are increasingly exploring passwordless authentication models to better protect their digital services.

The financial sector has been particularly active in this transition. In Colombia, for example, the financial system faces an average of 43 cyberattacks per second, while digital fraud in financial services increased by 39.3% during the first half of 2024, according to data from Asobancaria and TransUnion.

In response to this environment, B-FY has been working with regional technology partners to accelerate the adoption of authentication models based on real human identity.

Examples include collaborations with companies specialising in cybersecurity and digital infrastructure such as:

• ASISA, which integrates decentralised biometric authentication to protect financial transactions.
• FOUR1, which promotes passwordless authentication models for organisations operating critical technological infrastructures.
• Techcore Solutions, which incorporates this approach within its cybersecurity and digital infrastructure solutions.

Through these collaborations, organisations gain access to an Authentication as a Service (AaaS) model capable of validating identities within seconds, eliminating passwords and strengthening trust in digital services.

The future of digital authentication

Passwords will not disappear overnight. But the trend is clear.

As cyber threats continue to evolve and users demand simpler digital experiences, traditional authentication models are gradually being replaced by approaches that focus on verifying the real identity of individuals.

The transition towards a passwordless world has already begun.

The real question is no longer whether it will happen — but how quickly organisations will be ready to adopt it.

Frequently Asked Questions about passwordless authentication

What is passwordless authentication?

Passwordless authentication is a method of verifying user identity without relying on traditional passwords. Instead, it uses technologies such as biometrics, device-based authentication or cryptographic keys.

Why are passwords vulnerable?

Passwords depend heavily on human behaviour. Users often reuse them, create weak combinations or fall victim to phishing attacks, making them an attractive target for cybercriminals.

What are decentralised biometrics?

Decentralised biometrics is an authentication model in which biometric data remains stored on the user’s personal device rather than in centralised databases, significantly reducing the risk of large-scale data breaches.

What are the benefits of passwordless authentication?

Passwordless models provide several advantages:

• stronger protection against phishing and credential theft
• improved user experience
• reduced identity fraud
• better compliance with data protection regulations

Want to learn more? Request a free demonstration here