Truist Financial Corporation wins the Celent Model Risk Manager Award 2023 for Responding to Emerging Risks for its Password Lock initiative.

Credential stuffing attacks, where fraudsters attempt to gain access to accounts by using stolen login details, now outnumber legitimate login attempts in the United States. This threatens the security of consumer accounts and puts stress on firms’ identity management infrastructure.

Truist’s patent-pending solution allows customers to turn off their password and instead use biometrics (on mobile phones) or a QR code (on PCs) to login to their accounts. Because the passwords have been “locked,” fraudsters cannot use stolen passwords to access accounts. This protects accounts from credential stuffing—one of the most common fraud tactics—phishing and other illegitimate access attempts.

While presented to customers as an option for strengthening the security of their accounts, the initiative is aimed at converting Truist’s client base from weak password security to stronger, zero trust security. By preventing fraud losses, promoting security awareness, and mitigating reputational risk, the project positions Truist as a leader in account security.