FB pixel

Passwordless authentication does not equate to biometrics in the workplace

Passwordless authentication does not equate to biometrics in the workplace

The enterprise IAM movement towards passwordless authentication does not appear to drive uptake of facial recognition in the workplace. Instead, organizations are harmonizing around a common set of methods and modalities.

In 2015 Microsoft announced that Windows 10 would feature an entirely new authentication framework called Hello which includes the ability to enable biometrics such as facial and fingerprint recognition as a native method of authenticating end users.  In the seven years since and the release of Windows 11, Microsoft says that more than 150 million people worldwide use biometrics to access work and there are over 1.4 Bn active Windows devices and PC globally. This represents about 11% of the entire Windows ecosystem.  While it is unknown the division between face and fingerprint, its largely believed that fingerprint is the leading biometric method in use.

In 2017 Apple announced that the iPhone X and iPad Pro would feature FaceID as the native method of authenticating users and a successor to TouchID their previous fingerprint authentication technology.  And while Apple doesn’t publish enterprise use data there are 1.8 Bn active Apple devices globally—its estimated that 50% use FaceID. In contrast, the new Mac line of laptops continue to feature TouchID and Apple executives have no plans to add facial recognition to their lines of personal and professional grade laptops.

It turns out that despite the potential of biometrics in workplace, the most widely used combination for passwordless and multi-factor authentication in the enterprise is leveraging a smartphone as the second authentication factor to enable access workplace applications.

The three common authentication methods are mobile authenticator apps (such as Microsoft Authenticator and Google Authenticator), push authentication (tap to approve/deny), and SMS-based one-time codes, which despite their vulnerabilities and weaknesses persist.  For higher security requirements and environments, the movement towards passwordless doesn’t appear to be towards facial recognition or fingerprint either, but rather by using hardware-based devices (such as Yubikey and SecurID) and hardware-based security tokens instead.

Although there are a variety of country-level policies and regulations limiting and/or restricting the use of facial recognition and other biometric technologies, its relatively minimal use within enterprises appears to be pragmatic.  Organizations are implementing a more universal, repeatable authentication journey based on what people are already doing at the time, such as touching and typing, inline with the user flow of that experience.

About the author

Carla Roncato is the Founder of Authora Research and Evangelist at the OpenID Foundation. Carla was previously the primary analyst at the Enterprise Strategy Group (ESG) covering identity and access management, data privacy, and zero trust security. She has been featured in Computer Weekly, SG Magazine, TechTarget, Wall Street Journal and a keynote speaker at Trend Micro CloudSec Conference and Open Banking Security Summit. Find Carla on Twitter and LinkedIn.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


Zambia, Namibia, Tanzania upgrade digital ID systems in concert with development partners

Zambia has carried out a major first step in its transition towards a modern legal and digital identity system, by…


Bermuda delays facial recognition deployment for national CCTV project

Bermuda’s government will not be deploying facial recognition capabilities in its CCTV system, at least for now, due to unspecified…


Florida Police deploy Idemia ABIS for latent fingerprint biometric analysis

Idemia Public Security North America has announced the implementation of its automated biometric identification system, Storm ABIS, by forensics examiners…


Limit to accrual of biometric data privacy violation penalties a step away in Illinois

Illinois legislators have approved amendments to the state’s notorious Biometric Information Privacy Act to limit the definition of violations under…


AI deepfakes are wreaking havoc on an unprepared financial industry

The identity of the firm targeted in a deepfake video scam that resulted in the loss of US$25 million has…


Estonia picks Zetes as digital ID electronic certificate provider

Estonia has awarded the tender for issuing electronic certificates for the country’s electronic identity to Belgium-based Zetes. The 10-year tender…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events