As enormous data breaches become the disquieting norm, many customers and organizations are turning away from the use of the traditional username and password system and moving towards using biometrics—that is, distinctive physical identifiers of users—to secure their data. Global Market Insights predicts the market for these services will grow from $9.58 billion in 2015 to $31 billion by 2023.
These biometric forms of identification are more secure because they rely on characteristics that make a person unique. Additionally, rather than force a user to remember a login name and password, they allow users to carry their credentials with them wherever they go.
Biometrics are typically broken into two distinctive categories, physiological and behavioral. Physiological characteristics include fingerprints, DNA, iris, face, and (even) odor. Behavioral characteristics include typing rhythm, gait, and voice.
According to a study by Juniper, fingerprints are the most popular form of biometric identification, leading other methods such as voice recognition, facial recognition, and iris scanning by a considerable margin.
Similarly, a number of industry studies indicate that there is little interest in facial biometrics and observe that both users and organizations overwhelming prefer the use of fingerprint scanning technology. Why is that?
Most Familiar and Convenient
The popularity of fingerprints as identifiers is partially due to the fact that they are among the oldest and perhaps the most familiar form of all biometric identification methods. Their use has been a part of standard operating procedure in criminal investigations for most of the modern era and have been credited with solving cases that have long gone cold.
The use of fingerprints has been sustainable as an identifier historically because their patterns remain, more or less, fixed over time and are less susceptible to wearing and age. This stands in sharp contrast to other modes of identification such as faces and voice recognition, the latter being so malleable it can be changed temporarily even by illness.
Fingerprints are also popular because they are convenient. While millennials have a known fondness for “selfies,” taking one to log into an account requires more effort than pressing down one’s thumb. Similarly, speaking into a phone for a voice recognition login is not always convenient or easy, but using a thumbprint is both quiet and inconspicuous. Both face and voice recognition logins are extremely situational dependent; photos of faces don’t work in poor lighting and speaking into a microphone doesn’t always work in noisy environments.
Made Possible By Mobile
Biometric authentication offers a clear path forward to a more secure future but, until now, technology to support their full use has been lacking. This changed with the proliferation of high quality cameras, microphones, and fingerprint capabilities in modern mobile devices. Using biometrics in two-factor authentication has finally become cost effective and a viable option for moving beyond the username and password system.
Both Apple and Android now provide fingerprinting technology built into their mobile devices at the manufacturing level, opening up a world of possibility for meeting security needs. No longer do custom biometric solutions need to be devised from the ground up. Rather than reinvent the wheel, third parties can use the biometric capabilities integrated in users’ mobile devices for use in their own custom solutions.
Given this new option, security professionals have been provided with a better alternative to username and passcodes, and may mistakenly rely solely on biometrics for user authentication. Stronger security still necessitates the use of two-factor or multifactor authentication—i.e. using more than one attribute to identify users.
A viable option for doing this is coupling biometric information from users with attributes from the mobile device itself. There are thousands of identifying characteristics (such as the location, manufacturer, operating system, and others) within individual mobile devices. These attributes can be combined to form a unique permanent ID that can then act as a trusted second factor of authentication, in addition to biometric data. Operating in this fashion, mobile biometrics can offer the most modern and secure protection available on the market.
This is a positive development because the shortcomings of the username and password system have been well known for years. Bill Gates famously stated the problem ten years ago at the RSA Conference, calling them “the weak link” and urging the use of multi-factor authentication.
While it still is not possible to prevent a six year old from grabbing her sleeping mother’s finger to open her phone and purchase $250 worth of video games, biometric data combined with device authentication software marks a significant security improvement over the broken username and password system. Companies like InAuth recognize this and are seizing the opportunity to make transactions on mobile devices more secure while remaining “frictionless.”