Case Study:

First Citrus Bank


Top community bank achieves a secure, streamlined MFA experience by eliminating passwords across its workforce, reducing IT costs and stopping credential-based attacks.

Login Speeds
With a secure and seamless
login experience
Breach Reduction
By eliminating shared
in Credential Reset
Joe Kynion

After looking at countless authentication products, we decided that the best way to address our cybersecurity issues was HYPR’s passwordless multifactor solution.

- Joe Kynion

VP Information Technology, First Citrus Bank

The Challenge

First Citrus faced a sharp rise in costs and help desk volume after an attempt to strengthen its authentication protocols with complex passwords. In response, the bank’s IT and Infosec leadership established a directive to streamline the login experience and completely eliminate the use of passwords and shared secrets across their workforce. The team further mandated the deployment of the strongest FIDO-Certified authentication with user credentials securely decentralized on employees’ mobile devices. Specifically, that employees would be able to log in to workstation systems using a single mobile app without the need for a password. With access to sensitive financial information at stake, secure, frictionless login was an imperative.

Key Results

Rolled Out In < 1 Hour
Reduced IT costs
Eliminated use of shared secrets
Improved employee login speeds and overall experience
Stopped credential-based attacks

The Solution

The First Citrus team tested multiple FIDO authentication products but determined the user experience was too difficult and most still required a password. Then they turned to HYPR. HYPR provided First Citrus a True Passwordless™ solution with the simplest, most secure user-initiated authentication experience. The HYPR passwordless authentication mechanism leveraged the company’s existing Active Directory and domain controller infrastructure for a non-intrusive integration that was quick for their team to deploy and easy to manage and maintain. Today, employees across the bank use a white-labeled mobile application to access their workstations and corporate resources without ever entering a password. 

The Result

First Citrus immediately saw improvements in their security posture and employees’ experience. Deployment for the bank’s workforce was quick and simple. Within an hour session, workstations across the institution were able to use HYPR for the authentication process. The reduced friction allows employees to access resources more easily and work more efficiently while strengthening security. IT costs dropped since password resets and credential-related login issues were eliminated. The move to passwordless authentication significantly reduced the attack surface for First Citrus — shared secrets account for more than 80% of breaches. Phishing attacks that focus on credential harvesting and credential stuffing are no longer effective since the employee does not have a password to be stolen. As a result, the company’s IT and Security teams can focus their efforts on moving the company forward and accelerating digital transformation. With the elimination of passwords, employee satisfaction has skyrocketed — the frustration of forced password changes and frequent resets no longer exists.