VinCSS Cyber Security Services Joint Stock Company has just announced its first report on the authentication experience on banking applications in Vietnam. The results come from an online survey of 2,039 people conducted from the beginning of March 2025 to September 15.
The survey results show a strong shift from traditional to modern authentication methods in the ecosystem of Vietnamese banks. Traditional authentication methods such as passwords, flashcodes and SMS OTP still account for a large proportion, but have begun to make room for more modern methods such as biometrics, passkey/FIDO2 and digital signatures.
Most users still log in to the banking application with a password. Meanwhile, PIN codes and the various types of OTP continue to play an important role in transaction verification.
Biometrics is the most popular authentication method for high-risk tasks such as transfers, payments, changing personal information, and connecting bank accounts with other applications.
Meanwhile, passkey/FIDO2 and digital signatures are more advanced authentication technologies, but their frequency of use is still low. However, the trend of modernizing authentication in banks is easy to see.
According to analysis from VinCSS's cybersecurity experts, the survey shows that users are particularly concerned about data theft or forgery, especially of biometric data. The concerns mentioned include face scans that can be passed with a photo, biometrics that are not sensitive enough, deepfakes, password disclosure, and face scans that still succeed while wearing a mask.
According to the analysis, the risks of biometrics do not lie in the technology itself but in the context of use. The core of the biometric controversy revolves around the possibility of the data being stolen or forged.
In an offline environment, such as controlling entries and exits using physical equipment, the risk of forging biometric authentication is lower because it requires physical presence and multi-layer contact. In the online environment, however, the risk of biometric forgery is higher, for example through deepfakes and voice forgery.
Given that reality, experts recommend combining biometrics with passwordless authentication according to the FIDO2 standard, to ensure safety and minimize data theft.
In modern systems built on the FIDO2 standard, biometrics is used only as an additional authentication method, to locally unlock private keys that are stored securely on the user's device. Biometric data must never leave the device or be stored centrally in the online environment, which helps minimize the risk of theft or misuse.
In that case, biometrics is no longer an easy-to-exploit weakness but becomes an enhanced, convenient, powerful and private protective layer for end users.
The FIDO2 authentication standard, issued by the World Online Authentication Alliance (FIDO Alliance), is the safest authentication method for users today. FIDO2 aims to eliminate the difficulty of remembering too many passwords for end users, and to eliminate the risk of spoofing attacks and cyber attacks that take over accounts.