FB pixel

Passwordless authentication does not equate to biometrics in the workplace

Passwordless authentication does not equate to biometrics in the workplace
 

The enterprise IAM movement towards passwordless authentication does not appear to drive uptake of facial recognition in the workplace. Instead, organizations are harmonizing around a common set of methods and modalities.

In 2015 Microsoft announced that Windows 10 would feature an entirely new authentication framework called Hello which includes the ability to enable biometrics such as facial and fingerprint recognition as a native method of authenticating end users.  In the seven years since and the release of Windows 11, Microsoft says that more than 150 million people worldwide use biometrics to access work and there are over 1.4 Bn active Windows devices and PC globally. This represents about 11% of the entire Windows ecosystem.  While it is unknown the division between face and fingerprint, its largely believed that fingerprint is the leading biometric method in use.

In 2017 Apple announced that the iPhone X and iPad Pro would feature FaceID as the native method of authenticating users and a successor to TouchID their previous fingerprint authentication technology.  And while Apple doesn’t publish enterprise use data there are 1.8 Bn active Apple devices globally—its estimated that 50% use FaceID. In contrast, the new Mac line of laptops continue to feature TouchID and Apple executives have no plans to add facial recognition to their lines of personal and professional grade laptops.

It turns out that despite the potential of biometrics in workplace, the most widely used combination for passwordless and multi-factor authentication in the enterprise is leveraging a smartphone as the second authentication factor to enable access workplace applications.

The three common authentication methods are mobile authenticator apps (such as Microsoft Authenticator and Google Authenticator), push authentication (tap to approve/deny), and SMS-based one-time codes, which despite their vulnerabilities and weaknesses persist.  For higher security requirements and environments, the movement towards passwordless doesn’t appear to be towards facial recognition or fingerprint either, but rather by using hardware-based devices (such as Yubikey and SecurID) and hardware-based security tokens instead.

Although there are a variety of country-level policies and regulations limiting and/or restricting the use of facial recognition and other biometric technologies, its relatively minimal use within enterprises appears to be pragmatic.  Organizations are implementing a more universal, repeatable authentication journey based on what people are already doing at the time, such as touching and typing, inline with the user flow of that experience.

About the author

Carla Roncato is the Founder of Authora Research and Evangelist at the OpenID Foundation. Carla was previously the primary analyst at the Enterprise Strategy Group (ESG) covering identity and access management, data privacy, and zero trust security. She has been featured in Computer Weekly, SG Magazine, TechTarget, Wall Street Journal and a keynote speaker at Trend Micro CloudSec Conference and Open Banking Security Summit. Find Carla on Twitter and LinkedIn.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

London to introduce permanent live facial recognition cameras

London police have announced their plans to install the UK’s first permanent live facial recognition cameras, catching potential criminals by…

 

UK govt not giving up on Voter ID for 2025 local elections

Removing voter ID from the UK’s elections is not on the table, Minister for Homelessness and Democracy Rushanara Ali confirmed…

 

China strengthening face biometrics regulation to mandate choice, consent

China’s boom in selfie biometrics and facial recognition may already have peaked, with new regulations published so businesses can plan…

 

Intellicheck, Raonsecure invest in new IDV markets for steady growth

Market and investment strategy loom over the latest set of financial results from digital identity and biometrics providers. Intellicheck credits…

 

Facial recognition tender for Toronto police draws interest from major vendors

Eleven biometrics providers, including large international firms, are vying to provide Toronto police with a new facial recognition system, which…

 

OBIM spec enables vendors to build products to interact with DHS biometric system

The U.S. Department of Homeland Security (DHS) has opened its specification for interacting with the nation’s largest biometrics database to…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events