It’s About Time: Biometrics Will Soon Replace Passwords

By:  |  Category: Blog, Security Friday, January 26th, 2018  |  No Comments

Technology brings us great rewards. It also brings big headaches, one of them being the password approach to identification. Fortunately, the end is near for password-only authentication as Biometrics grows in ease of use and affordability.

Unfortunately, biometrics won’t stop bad guys from being bad, but it will vastly improve security measures when combined with other technologies. In fact, the only reason biometrics aren’t in widespread use already, suggests Brian Witten, the global director of Symantec Research Labs, is that organizations haven’t recognized how easy and inexpensive it is to deploy.

IT departments need all the help they can get. Business users continue living in fear that their passwords and identity will be stolen, or that their IP will get put at risk. Even though ecommerce has proliferated with advances in connection speeds, the cloud, and delivery logistics, few, if any, websites use biometrics – even as the occurrence of headline-grabbing data breaches continues unabated with a third of all businesses now having suffered security losses.

But several forces have come into play that are expected to bring biometrics into widespread use.


Mobile has opened the door for other more standardized technologies to follow. Before Apple introduced the first fingerprint reader with the iPhone 5s in 2013, biometric readers were expensive, standards were sparse, and systems rarely interoperable. Others quickly followed suit, including Samsung. As smartphone makers leaned into the technology, they  shifted the cost to consumers, amortizing and lowering the financial barriers to deployment.

The rivalry and competition among smartphone makers has created a biometrics boom. By 2016, 40% of the 1 billion smartphones in the market came with biometric recognition; by 2020, it’s estimated that 100% of smart mobile devices will include embedded biometric sensors as a standard feature. Now that Apple and Samsung have introduced facial recognition to their flagship iPhone X and Galaxy 8S, it won’t be long before facial recognition becomes a staple, too.
Smartphones signal something even bigger and broader. The very nature of computing is changing, and that, too, spells the end of passwords, and perhaps even altogether.

“Roll the clock forward,” says Symantec’s Witten. “We’ll be wearing computers on our wrists and they’ll be in our glasses.”

Who knows where else they’ll reside. What we do know is this: We won’t be using keyboards to operate them. The logic is simple enough – no keyboards, no passwords.

New Platforms

Witten says one other wall to deployment is falling, too. Symantec has compiled several strong-authentication technologies into its cloud-based VIP service, which allows enterprises to use APIs to protect access to sensitive data and applications anytime, anywhere, from any devices. VISA International launched a similar service last October, called VISA ID Intelligence, aka VIDI, a “platform” that allows banks and merchants to adopt third-party authentication technologies using APIs and SDKs.

There are other signs that an inevitable move toward biometrics is on the way. Mastercard allowing its users to complete transactions by using a fingerprint and facial recognition is the form of a “selfie.” Aetna, the giant medical insurer, has disclosed plans to replace passwords completely by 2018, using pins, fingerprints, and “behavioral” biometrics, which adds a fourth tenet to authentication, namely what you do such as the way you move your mouse. Barclays Bank promises to take biometrics even further by using vein-ID, the uniquely characteristic ways your blood vessels are arranged, a means of authentication harder to “trick” than fingerprints or faces.

But the proof for widespread adoption comes out of India and its Aadhaar ID program, which has provided 1.3 billion of its citizens with a unique identifier based on fingerprint and iris scans. That’s helped pave the way for the vast majority of Indians to open bank accounts, even when they may not have a birth certificate or license.

Make no mistake. Biometrics, used as a sole method of authentication, is not to be viewed as a cure for the ailments of security threats. Hackers have reportedly demonstrated proof of concept examples of how to fool Apple’s facial recognition technology with a mask made on a 3D printer. Most of all, biometrics, by themselves, also breach two cardinal rules of strong authentication. One, they’re not secret. Two, they can’t be changed if compromised.

Finally, biometrics need to be considered against the practicalities of convenience and sheer computing power. For the sake of both, a smartphone holds just enough fingerprint data to assure a fast response and, more importantly, a one-in-10,000 chance of making a mistake, or, as security pros call them, a false-positive or false-negative. Those odds seem long – until you scale them. That means for every 1 billion fingerprints smartphones authenticate, a million could be wrong.

Despite any downsides, though, the use of biometrics is inevitable. Teamed with other authentication factors the technology promises a soon-to-arrive future where the time-worn, all-too-porous password-only approach to authentication will become a thing of the past.

“The bad guys have been ahead of passwords since the 1980s,” according to Symantec’s Witten. “You can’t stand still for 30 years without consequence.”

If your business needs assistance with IT, consider using a Premier IT Service Provider like EnhancedTech. Contact us for a complimentary consultation at 714-970-9330 or at [email protected]

Source Image: https://www.pexels.com/photo/finger-print-on-enter-key-of-keyboard-163017/

Leave a Comment
Read previous post:
Ransomware: Industries Most at Risk

Ever wonder how hackers target their victims? It seems certain industries are more prone than others. According to a new...