 We did the study and as part of the authentication working group on the effect of a stronger authentication on digital financial services. The idea here is we need to protect financial transactions and the password on its own, it's weak and it's not good enough as a security mechanism for preventing fraud and other account takeover and other stuff. So there are multiple ways to really get rid of the password. Today in the industry, there isn't a standard definition of what password authentication is and so many implementations, the password is hidden where there is a cookie or a cache that act on behalf of the password. So the way they do it passwordless is by basically mimicking the deployment or the entering of the password in an interaction and the user does not have to re-enter the password. It's good, those techniques for places where you have a small phone, small screen, the idea of doing the password entry, it's really not user friendly. A lot of those rely on the use of biometric on the devices like the Apple devices where it just opens the vault and inside there is a token that relates to the password. Those solutions are really not good in general because the security risks as associated with the password are then present and they don't really solve the main problem that victims of phishing emails do suffer. The problem with reliance on the password whether you are hiding it or not is in the ability that you could lose it if there is a phishing attack and if you just disclose your password to some site that authentication using your credentials is basically done behind your back and you are not aware of it. So the security of that system become a function of what the ruling party has done to detect such activities and in so many cases the detection happened after the damage has been done. So what you need is security solutions that eliminate the password and it relies on the underlying technology in the ability to prevent phishing attack and replay attacks and this is what we should focus on. So within the ITUT and within also the VG SIT working group and the stronger authentication working group we did focus on a core technology that's up and coming and it's becoming very well accepted. It's basically the FIDO Alliance Technologies. The FIDO solution is a strong authentication solution that relies on PKI technology to ensure the security of logon transaction and this is up and coming and the way it is progressing nowadays it's becoming a factor standard and supported by almost every manufacturer whether it is at the browser level or at the mobile device level. So the affordability of the solution is up and coming because it's going to be cheap, it's going to be ridiculous, it's going to be out of the box supported and this will ensure that the cost of interoperability and adoption is low. This FIDO there are two flavors of it. One is related to the browser and it's called WebOSN and there is also the CTA protocol which uses a third device or an external device to to secure the public private keys that are related to the logon process. These are because they became ITUT recommendations and they are also adopted. They are XDOT 277 and XDOT 278 and they are international standard. So this is one way of promoting better security through passwordless security and using it in a way that's affordable because of massive options. A lot of the reports that came from the SIT got submitted to the SAP Group 17. Those reports are being incorporated in some of the recommendations. In particular those that are like some related to decentralized identity. Some are related to the stronger password type solution and they have been done in the question that I got shared. There is a new work item now in question 10 which is basically it focuses on main and methods for supporting and ensuring that passwordless authentication is secure. It discusses about the risks of password, the history of passwords, how passwords can be defeated and currently what are the collection of solutions that claim to be passwordless and also it goes to stating what really need to be done to provide a true passwordless solution that is secure and how to bend it. So we are working on these new recommendations as we speak.