Why are biometrics better than passwords?
The adoption of biometrics for authentication has risen steadily over the past decade. This upward trend does not seem to be slowing down any time soon, as a recent Transparency Market Research report suggests.
Many factors sustain this growth, but the widespread belief that biometrics are better than passwords is undoubtedly one of them. Cybersecurity insiders have been calling for an end to the use of passwords for years, but they remain a common part of everyday life for most people around the world.
But why is this the case? We list here some characteristics that make biometrics preferable to passwords.
Biometrics cannot be forgotten or phished
Passwords can be forgotten. In fact, according to an old internet adage, “the only secure password is the one you can’t remember.” Forgetting passwords (or in the most secure cases, not noting them down somewhere safe) is often a cause of user friction due to cumbersome and slow password reset procedures.
Passwords can also be phished by tricking end-users into clicking on malicious links or opening malware-ridden files.
Biometrics eliminate both of these issues simultaneously, as it is quite hard for users to forget how to show their faces or fingerprints to a biometric system.
Of course, in theory someone may be tricked into authenticating to a malicious portal using biometrics. However, that is quite rare, as biometric technologies and systems typically come with various security layers.
Biometrics are inherently more secure
Case in point, biometrics are widely considered more secure than passwords. For instance, biometric data can be put through a non-reversible algorithm and centrally stored in a secure form.
Biometric systems can also rely on multimodal authentication, combining face, iris and finger biometrics to increase security levels exponentially.
Then there are behavioral biometrics, designed to measure users’ behavior patterns to continually authenticate users throughout the identification process.
Biometric authentication is quicker and more user-friendly
Biometrics are free from the typo-related issues that affect traditional password-based authentication.
And while biometric systems may sometimes require more than one attempt to perform successful authentication, studies suggest biometric systems can save time in various scenarios, including air travel.
More generally, recent research efforts from SecureAuth and Pindrop suggest that frustration with traditional security measures like passwords is pushing IT professionals towards passwordless authentication and biometric systems for identity verification.
Biometrics are not for sale on the dark web (so much)
Passwords and other forms of knowledge-based authentication (KBA) have been for sale on the dark web in high volume for some time now.
According to a report from Digital Shadows, more than 15 billion stolen account credentials are currently available for purchase on cybercrime forums, with 5 billion of them considered unique.
Biometric information, on the other hand, is still not widely available on the dark web. And even though selfies holding an ID that can be used in biometric spoof attacks have been spotted on dark web forums, online service providers can implement presentation attack detection (PAD) and liveness checks to tackle the issue.
For instance, in May 2021, Acuant acquired UK-based identity verification and know your customer (KYC) provider Hello Soda to integrate biometrics with dark web checks.
More recently, ID R&D updated its software suite to spot ID documents purchased on the dark web.
Biometrics cannot be shared
Last but not least, password sharing is a real issue in the security world, with recent data from SurveyMonkey suggesting one-third of U.S. adults share passwords or accounts with their coworkers.
Password sharing comes with a number of security-related risks, including loss of attributability, particularly in the case of employees altering sensitive company data or making unapproved charges.