Has the death of the password finally arrived? Biometric authentication seems poised to supplant the ever-insecure username/password combination.
According to Help Net Security, 68 percent of European citizens surveyed by security firm Unisys said their trust level would increase if organizations leveraged biometric tools for multifactor authentication. But is trust the best measure of long-term security, or are biometric solutions just security breaches waiting to happen?
Benefits of Biometric Authentication
The Unisys survey found that consumers comfortable with technology were ready to ditch passwords in favor of biometrics, Help Net Security noted. Many respondents pointed to the benefit of no longer needing to remember, protect and regularly change passwords.
Sixty-three percent of those asked said they believe biometrics are more secure than current password and personal identification number (PIN) solutions. Meanwhile, 61 percent reported that they were most happy with fingerprint scans as a potential replacement and 41 percent said they prefer iris scanning.
Consumer expectations also play a role in the rise of biometrics, since users are prepared to wait just over 25 seconds for sign-in processes to complete. Fingerprint- and iris-based metrics should speed the authentication process, reducing user frustration.
Customer confidence varies by industry, with 51 percent believing banks would manage biometric data securely and 45 percent confident that the government would do the same. However, just 12 percent think social media companies would be so trustworthy.
As noted by TechTarget, biometric scanning may also offer a way to shore up trust in emerging Internet of Things (IoT) markets. By replacing stock permissions and poorly crafted passwords with reliable biometric scans, enterprises can tap the growing wave of public trust for persistent security measures tied to people, not passwords.
Downstream Concerns
But it’s not all smooth sailing for biometrics. Consider a recent Harvard Business Review article, which discussed the evolving role of Social Security numbers (SSNs) in the process of identification. While SSNs were originally designed to identify Social Security beneficiaries, they’re now used to verify identity and intent across multiple industries.
The same is undoubtedly true for biometrics. What begins as a way to access banking or government services will eventually be leveraged for different purposes, such as marketing. As HBR noted, facial scans, combined with behavioral analysis, can help predict consumers’ personality traits, habits and socioeconomic status.
This naturally leads to target-based marketing, but could also extend to more sinister activities, such as using biometric data to take over a one’s identity. Given the permanent nature of many biometric markers, the results of such a theft could be disastrous.
How Will Biometrics Impact the Future of Security?
Consumers are ready to trust biometrics and willing to hand over fingerprints or iris scans if they can ditch passwords. But technology constantly evolves, and the original intent seldom matches the eventual purpose. Ideally, the shift to biometic authentication comes with a commensurate commitment to regulations and the implementation of standards that clearly lay out how this data may be collected, used and, ultimately, destroyed.
The bottom line is that biometrics are coming. The question is where will it take consumer security?