Biometric authentication – a trend or the future?
Pandemic changes to the way people behave were inevitable. We now work, learn, shop, and spend a lot more of our free time online. Compared with the pre-pandemic period, the users’ attitudes and behavior shifted.
This includes biometric authentication: fingerprint, facial recognition and other methods. According to the 2021 Global Identity & Fraud Report, 74% of users prefer biometric authentication as the primary security method. It’s fast, it’s something we always have accessible, it’s secure.
But is it? And does this mean we’re entering the passwordless era?
Biometric authentication is convenient.
It’s not surprising why people prefer biometric authentication over passwords. We spend too much time online and browse too many websites to remember all the passwords, or even have patience to type in each of them manually.
But you can never forget your finger, voice, or face at home. Plus, placing your finger on a scanner is much more convenient than typing a 20-character password with Capital letters, $ymbols, and numb3rs.
Can biometrics be hacked?
There’s one thing wrong with biometric-based logins, though. If your data gets stolen (and this happens way too often), you won’t be able to create another fingerprint. Or an eye. Or a face.
It might be complicated to fake your face ( but possible with 3D masks) or duplicate your fingerprint ( possible by taking a high-quality picture). But there’s still a risk of losing your data, even without considering these rare scenarios. Your biometric data can be leaked from the database it is stored in if the provider is not taking proper care of it.
As users, we are more or less used to password leaks once in a while. This is something that just happens. However, your biometric data stored in the same databases are prone to cyber-attacks too. In 2019, 28 million records of over 1 million people were leaked. They included fingerprint and facial recognition data, passwords, and photos of people.
So yes, biometrics can be and are hacked.
Biometrics vs. passwords – which is here to stay?
The use of biometric authentication is growing globally. Despite the speed and convenience that biometrics provide, they still fail to provide the functionality that passwords do.
- If let’s say, your Twitter password gets leaked, you can immediately change it. But if you used a biometric authentication method as the main one, then your sensitive data is breached for good and there’s not really much you can actually do besides carving out new fingerprints.
- Passwords provide you with a sense of anonymity. Random usernames and random passwords protect your online identity. Your face used for logging in doesn’t.
- Today you can share passwords securely, but you can never share a part of your body – at least not in the nearest future.
All of that being said, it seems that there’s still a big risk to fully switch to biometric-only logins. However, online security is getting advanced, and people care about both convenience and safety. In this case, it appears that a hybrid of both – passwords and biometric data – will become the future.
Two-factor authentication improved
Biometric authentication can serve as an ideal second factor in the authentication process.
You type in a strong, complex password, and then you additionally prove it is really you by using biometrics on your secondary device. Such partial biometric authentication combined with passwords has been widely implemented by online banking systems, password management tools, and other reputable services.
Choosing only biometrics for logging in poses some security risks and inconveniences that only passwords can solve today. That being said, passwords are here to stay. At least for now.
Therefore, combining the two – instead of choosing one over another – can provide both the highest level of security and convenience.