BEHIND THE NUMBERS: Building trust through secure and seamless experiences

Introducing password-less authentication for web banking is groundbreaking for Australian banking. By integrating our cutting-edge biometric security technology on the ANZ Plus app and Passkeys across platforms, we are making banking more secure and convenient for our customers. 

"Passkeys eliminates the need for users to store security credentials like passwords and is a first by any major Australian bank.” - Gabe Steele

Most importantly, by replacing passwords with stronger authentication methods, we aim to seriously disrupt the business model of cybercriminals who rely on phishing, data breaches, and password leaks to target customer details.

In the coming months, ANZ Plus Web Banking will introduce a secure login process that makes memorising passwords a thing of the past. 

Customers will be able to access their ANZ Plus Web Banking account using a passkey – such as a fingerprint, face, or mobile device PIN – or by entering their mobile number and approving a login request sent to their secure ANZ Plus app. 

This is made possible by rapid developments in authentication, eliminates the need for users to store security credentials like passwords and is a first by any major Australian bank.

Defining the problem

Passwords have long been a weak link in online security, particularly for bank customers in Australia.  

For decades, passwords have been the default method for verifying identity online.  But they come with significant challenges.  Customers often reuse them, forget them, or choose combinations that are easy to guess.  

Meanwhile, phishing and credential-stuffing attacks have become more sophisticated, making passwords a common target for fraud.

Passwords are renowned for often being simplistic, often commonly used across a population.  Where harder and longer passwords are enforced, they’re also increasingly difficult to remember. This helps go some way to explaining why 94% of passwords are reused or duplicated across multiple accounts, increasing the risk of a single breach compromising multiple services.  Even where passwords are unique and strong, they remain susceptible to phishing attacks, where cybercriminals trick users into providing their passwords via deceptive emails or websites. 

And just in case you still don’t think passwords are an issue, in 2024, the Australian Cyber Security Centre (ACSC) reported that phishing was the most common type of cybercrime, accounting for 39% of all cybercrime reports; the Office of the Australian Information Commissioner (OAIC) noted that 31% of data breaches were due to compromised credentials, including those obtained through phishing attacks and Australians lost over $84.5million to phishing scams in 2024.

It’s clear, passwords are simply no longer fit for purpose in modern, digital banking.

Finding a solution

Thankfully, with advancements in technology, there is a path to a more secure and user-friendly authentication experience.

Rather than continue to make passwords more difficult for fraudsters to guess (and for customers to remember!), we set ourselves a mission to eliminate the risk of phishing by removing the need for a password, altogether.

Leveraging our secure ANZ Plus app, customers will be able to login to ANZ Plus Web Banking with confidence, authenticating their login request from within the safety of the ANZ Plus App. It’s easy to use and something that they’re already familiar with.

Alternatively, customers will be able to login to their device using Passkeys, which leverage public key cryptography to provide a robust alternative to passwords. When a user registers for Passkeys, a pair of cryptographic keys are generated: a public key stored on the service's server and a private key kept securely on the user's device. 

This means that as a customer, I can easily login with my face, touch or device pin (or a secure key) and ensure that the private key never leaves the user's device, making it nearly impossible for attackers to intercept or steal credentials.  

The result? No more having to remember another complex password. No more reset emails. No more guessing which special character you used. 

Just faster logins, less friction and stronger protection against scams and fraud.

Security and simplicity, together

In addition to our many layers of protection (including behavioural biometrics, Selfie ID through to our Fraud Detection platform, and our beloved Falcon), ANZ’s password-less technology helps remove weaker methods of authentication and offers customers greater control in their security experience.

It ​follows the release of our ANZ Scam Safe security controls, which include Geolocation and Active Call Status for dating and romance scams, Screen Share Protect for bank impersonation scams, and Crypto Protect for investment scams.

Customers who keep Scam Safe's default settings on are 34 times less likely to fall victim to scams, with the Crypto Protect feature alone preventing approximately $5.5 million in investment scam payments since its launch in 2024.

In November last year, we also released ANZ CallSafe for ANZ Plus, which helps to ensure our customers know that it’s the bank calling and service teams can verify that the person they are speaking to is who they expect without having to ask for personally identifiable information. Since this feature went live, CallSafe has been used to authenticate customers more than 20,000 times.

And around mid-year, the ANZ Digital Padlock will be launched giving ANZ customers the ability to instantly ‘lock down’ access to their accounts if they suspect they are being targeted by cybercriminals. 

Where to from here

We’ve already taken important steps towards password-less banking through biometric authentication on our secure, ANZ Plus App.  Expanding this approach to ANZ Plus web banking is a natural evolution - one that puts customers first by offering secure, intuitive ways to interact with their money.

But this is more than a technological shift - it’s a step toward smarter banking.

As digital threats evolve, so must the ways we protect our customers. Password-less authentication offers a future where security feels effortless, not intrusive.

We see this as an opportunity to lead with innovation, building trust through experiences that are both secure and seamless.  

It’s not just about removing passwords - it’s about redefining what safe, modern banking looks like.

Gabe Steele is General Manager, Customer & Identity Services at ANZ