By Joshua Frisby, Founder of PasswordManagers.co
From Face ID to scanning your fingerprint to unlock your phone, biometric authentication is weaved into almost every device that we rely on. It has been so seamlessly integrated that it has become somewhat second-nature in the digitally dominant world that we live in.
While not needing to enter, or remember, a password is extremely convenient, we must ask: Will biometric authentication replace traditional passwords altogether? And most importantly: Is it safe?
We have become so accustomed to using biometric authentication but the truth is that while biometrics offer many advantages, it also comes with several drawbacks. Let’s take a closer look.
Is There a Need to Replace Passwords?
Login details and credentials are susceptible to theft and are often targeted by hackers. In fact, Verizon’s Data Breach Investigations Report concluded that up to 81% of data breaches are due to hackers being able to gain access by leveraging weak, reused, or stolen passwords. With the level of exposure to cybercrime dependent on where you reside, having a fool-proof method to login to your accounts is crucial to secure digital infrastructures, devices, and identities.
According to research conducted by LastPass, the average person can have up to 97 work-related passwords that they need to manage, and that’s not even including personal ones. It’s no shock that so many people reuse the same password, after all, we are only human. Unless you are a genius and have the world’s best memory, it’s highly likely that you are going to be able to remember so many, let alone come up with complex combinations to ensure you use unique strong passwords for each account.
With cybercrime on the rise, 55% of people would prefer a method of protecting accounts that don’t involve passwords. Enter biometric authentication.
What Makes Biometrics a Good Alternative?
Biometric data is unique to you, making it hard to steal and imitate. And so, biometrics is a serious contender for replacing passwords as the standard login method.
Not only are we familiar with using our biometric data (face and fingerprint) to unlock our devices and in some cases, a handful of accounts, they also make the login process effortless. There is no need to type usernames or long complicated passwords. Take mobile banking apps as an example, what could be more convenient than simply scanning your finger on a reader to see your account balance? Or, even simpler, look at your phone’s camera to unlock your device via the built-in iris scanner.
Source: Science Focus
While convenience is nice to have, security is the primary concern. Because biometrics are more difficult to replicate than passwords, hackers cannot obtain your sensitive data with a simple phishing attack. This makes hacking data that is protected with biometrics much more difficult than password-protected data.
We’ve touched on face-scanning but it is far more sophisticated than you may think. Facial recognition is rapidly gaining popularity and the algorithms that are used to analyze someone’s facial features are also becoming increasingly intelligent. For example, some facial recognition applications can differentiate a live subject from a picture, making it very difficult to spoof the facial recognition and gain unauthorized access to protected data.
Capital is another driving force behind the development of biometrics. The biometrics market is estimated to be worth a staggering $49 billion by 2022 and huge investments are being made in the development of new algorithms and systems to improve biometric accuracy.
Biometric authentication was first introduced to the mass market by smartphones such as the Apple iPhone and Samsung’s Galaxy range. Today, it is possible to use biometrics across a much broader range of applications. However, biometrics are not limited to devices and software, we can also use them to access physical spaces like our homes. This versatility makes for a better overall authentication method than passwords, especially when speed, ease of login, and security are all concerns.
If biometrics are a better authentication method, why are we still using passwords? The answer is that biometrics are not perfect and they do have significant drawbacks that need to be addressed before we can fully embrace the passwordless revolution. While the technology is very promising and convenient, there’s certainly room for improvement before biometrics can claim to enjoy the same popularity that passwords do.
What Are the Drawbacks of Biometric Authentication?
While biometrics are very secure, they are also immutable.
It is important to remember that biometric data has to be stored somewhere for applications to use it as an authentication method. The problem is that if these databases were to be hacked, your identity could become compromised.
If your biometric data is ever compromised in one way or another, you could face serious repercussions. You can change passwords, you can’t change biometrics.
Since biometrics can’t be changed, it would be impossible to ensure the safety of compromised accounts once hacked. This is where passwords have the upper hand. If your password is ever lost or stolen, you can simply log in to your account and change your credentials to make it secure again. This process can be repeated over and over again.
Biometric authentication also comes with quite a few privacy concerns. Since biometrics inextricably link a user’s digital and physical identity, there are concerns that biometric data could be collected and abused by hackers. Since data privacy is a key concern, this could cap how widely biometric authentication is accepted as more people become aware of the potential downsides.
Source: Apple Insider
It is also important to note that biometric authentication systems have not been around as long as password-based systems. Consequently, they suffer from more bugs and growing pains. False positives or negatives occur frequently, and this can lead to frustration when an authorized user is denied access or, more seriously, when the wrong person is granted access due to a false positive identification. A research team from New York University created an artificial intelligence platform that was able to successfully recreate full fingerprints from partial prints. The recreated fingerprints were able to fool a biometric authentication system 20% of the time.
Last but not least, biometric authentication systems can often be biased against users who cannot easily submit biometrics. This includes handicapped people who may have experienced a change in their biometric details due to an injury. For example, a badly cut finger may lead to scarring that makes a fingerprint unrecognizable, and as a result, revokes access.
Passwords Are Here to Stay
Although the use of passwordless methods is on the rise, it seems that passwords will remain the mainstream authentication method for the near future. So, to make using passwords as simple and secure as possible, there are a few simple steps you can take.
The key to having optimal online security is to ensure that all your passwords are unique and complex. It’s easy to base your passwords on something that is of personal significance to you such as your birthday or the name of a loved one, but this makes passwords easy to guess and is a hacker’s dream.
Using a password generator to create complex passwords that cannot be guessed with ease is a simple and quick way to strengthen the security of your online accounts. But, to take the security of your passwords to the next level, you can store them in a fortified password vault cocooned in encryption. There’s a wide range of different password managers that can facilitate the secure storage of passwords whilst also offering the convenience of auto-filling credentials, making logging into sites as seamless as biometric authentication.
You should also ensure that you never write down your passwords, save them in spreadsheets, or share them over text or email. Hackers can easily exploit these unsecured methods. Changing passwords frequently also make your accounts more secure and helps to keep hackers at bay.
Although biometric authentication doesn’t appear to be replacing passwords in the near future, perhaps the best authentication method is a hybrid one in which passwords and biometrics co-exist to deliver a comprehensive security solution.
About the Author
Joshua Frisby is the Founder of PasswordManagers.co. His mission is to help you protect your passwords. Whether you want to securely manage passwords for personal, family, or business use, PasswordManagers.co is here to help you stay safe. Josh can be reached via email or LinkedIn.