Why biometrics will let us forget passwords forever

Jason Tooley, Chief Revenue Officer at Veridium, comments on our passwordless future.

In the next few years, forgetting passwords will be a problem of the past, with more and more organisations using biometrics for authentication. By 2022, 60 percent of large companies will reduce their dependence on passwords, according to Gartner. Microsoft employees, meanwhile, are already authenticating using biometrics, and UK banks are trialling fingerprint to authorise purchases.

Of the 41,686 security incidents covered in the 2019 Verizon Data Breach Incident Report, 32 percent involved phishing and 29 percent involved stolen credentials, showing that replacing passwords with biometrics is warranted. Businesses, employees and consumers need a less complex and more secure way to authenticate, and using biometric authentication provides both. The storage of sensitive biometric data has raised security concerns; however, when implemented correctly and with proper storage, biometrics have a prominent place in our passwordless future.

Use biometrics for security, not convenience

Often biometrics replay existing passwords – a popular method for unlocking smartphones and accessing mobile apps. However, the password isn’t removed from the authentication process and biometrics are used as a shortcut to authenticate. Using biometrics for authentication only works if passwords are fully eliminated from the authentication process. This is a fundamental step towards passwordless authentication: if a password still lingers in the background, the risk of a data breach remains.

To obtain the full benefits of passwordless authentication, biometrics need to be used for security, not solely convenience, which means implementing policies that completely remove passwords from the authentication process. This means never being asked to create a password, enter a password or reset a password. With real passwordless authentication, the only way a person authenticates is by using a combination of biometrics.

Your biometric isn’t like your password

Despite stories on how researchers fool biometric sensors, actually pulling off a spoofing attack is very challenging. Infiltrating a password is straightforward – an attacker can easily type stolen credentials into a keyboard – but biometric images can’t be directly entered into a sensor; first, they must be converted into an object. Therefore, to succeed at using stolen fingerprint images, a hacker would have to make moulds of a person’s fingers good enough to trick a biometric sensor.

Even in the event of faked biometrics tricking a smartphone’s fingerprint sensor, biometric authentication systems include additional security measures to guard against such attacks. This includes liveness detection, which requires blinking or moving a finger to prove that a human is authenticating in real-time, and behavioural biometrics, which uses artificial intelligence to incorporate how people interact with their smartphones into the authentication process.

Of course, such spoofing attacks aren’t an issue if attackers are unable to obtain the biometric images in the first place. This brings into question the issue of proper storage of sensitive biometric images, which must start with encryption. Next, the images should not be stored in a single location but distributed, e.g. across both a server and a smartphone, which means that if attackers infiltrate one database, they’ll only obtain a portion of the biometric image, rendering the data unusable.
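The storage model described above, as an added example that is not the author's or Veridium's code: an already-encrypted template is split into a device share and a server share, and a breach of either store yields only random-looking bytes. It assumes XOR secret sharing as the way to produce the "portions" (the article does not name a scheme), and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def split_template(encrypted_template: bytes) -> tuple[bytes, bytes, bytes]:
    """Return (device_share, server_share, digest) for an encrypted template.

    device_share is uniformly random and server_share is the XOR of the
    template with it, so either share alone is indistinguishable from noise.
    The input must already be encrypted: the digest is kept only to detect
    tampering when the shares are recombined.
    """
    if not encrypted_template:
        raise ValueError("empty template")
    device_share = secrets.token_bytes(len(encrypted_template))
    server_share = bytes(a ^ b for a, b in zip(encrypted_template, device_share))
    digest = hashlib.sha256(encrypted_template).digest()
    return device_share, server_share, digest


def join_template(device_share: bytes, server_share: bytes, digest: bytes) -> bytes:
    """Recombine both shares and reject the result if a share was altered."""
    if len(device_share) != len(server_share):
        raise ValueError("share length mismatch")
    template = bytes(a ^ b for a, b in zip(device_share, server_share))
    if not hmac.compare_digest(hashlib.sha256(template).digest(), digest):
        raise ValueError("integrity check failed: a share was modified")
    return template


if __name__ == "__main__":
    # Constructed sample: random bytes standing in for an encrypted template.
    sample = secrets.token_bytes(64)
    dev, srv, tag = split_template(sample)
    assert join_template(dev, srv, tag) == sample
    print("device share :", dev.hex()[:32], "...")
    print("server share :", srv.hex()[:32], "...")
```

A plain cut of the file into two halves would still hand an attacker half of the ciphertext; with the XOR split, nothing about the template can be recovered until both stores are compromised.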

Rethinking the role of biometrics in authentication

Given the success rate, attackers are unlikely to stop using passwords as infiltration vectors. Protecting companies from attacks attributed to stolen passwords demands a new approach to authentication – one that replaces knowledge-based methods with biometrics. That means viewing biometrics as a security tool instead of as a mechanism to speed up authentication. When biometrics let us say goodbye to passwords forever, we’ll be a step closer to more secure enterprises.

About the author

Jason Tooley is chief revenue officer at Veridium, a developer of frictionless digital authentication which supports businesses to become more secure through the adoption of biometric authentication solutions.

DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.
