April 20, 2015
The Guardian recently published a piece in which it asked some leading experts for their views on when biometrics will replace passwords as the de facto authentication method.
Among the experts are Angela Sasse, professor at University College London and director of the UK Research Institute in Science of Cyber Security; Ramesh Kesanupalli, founder of Nok Nok Labs and vice president of the FIDO Alliance; Dr. Steven Murdoch, principal research fellow at University College London, and security architect at the Vasco Innovation Centre, Cambridge; and Starbug, security researcher at Telekom Innovation Laboratories.
Sasse points out how employers and service providers have begun realizing that people are tired of remembering multiple passwords as it disrupts their flow and wastes time.
And while some security experts have raised concerns about the security of using biometric authentication solutions, many people prefer this type of authentication method, says Sasse.
“While some security experts may be concerned about the use of fingerprints on their own, for customers it is a welcome escape from the struggle with passwords and the widely disliked two-factor authentication the banks inflict on them,” says Sasse.
Kesanupalli says the industry is “at an inflexion point where biometrics are ready for consumer-scale adoption both from quality and cost standpoints.”
He says that the industry will continue to see more FIDO-enabled services in the next 18 to 24 months, but despite this heavy biometrics presence, “passwords will still be there as a recovery process” for a “considerable amount of time.”
“There is no single type of authenticating solution that is going to be number one in the market,” says Kesanupalli. “There is going to be a heterogeneous environment. FIDO Alliance brings all of them together.”
Murdoch says that biometrics show considerable potential, but “only as part of an authentication solution which optimises security, privacy and convenience.”
He points out that biometrics are “continually exposed”, and that there is a lot of work to be done before they become an accepted and fully secure authentication method.
“We need to ensure that authentication solutions accept only biometrics shown by a real person (not recorded ones), that individuals can choose who they authenticate to and for what, and that everyone’s privacy is protected,” says Murdoch.
Finally, Starbug emphasizes that while many industry participants champion the security of biometric systems over passwords, “biometric systems are not that much more secure than long passwords”.
Additionally, he points out that “if your biometric feature is stolen or lost you can’t get a new one.”
“You leave biometric traces on things you touch and show your features in public,” says Starbug.