Biometric technology such as facial recognition and fingerprint scanning is no longer reserved for future generations or top secret government agencies. The truth is, people are increasingly using biometrics to authenticate identity. The fact that biometrics has become so popular on everyday devices such as smartphones begs the question, when will biometrics replace passwords for good?
There is no doubt that remembering passwords can be a hassle for most people, and with so many different accounts it is hard to keep track of which password lines up with which social media account or bank app. So why do people still use passwords? Can biometrics become the standard authentication procedure? And if we are stuck with passwords, how can people make them work best?
Why are businesses still using passwords?
Since the start of networked computing, people have relied on passwords for authentication. As a result, a culture of “If it’s not broken, don’t fix it” has become rooted in the cybersecurity foundation. It is easy for businesses to fall back on the default directory of employees in which every member of the company is provided with a password to access a specific application or system. Consequently, the majority of systems in use today rely on password authentication because it is the easy option and, in many cases, the only option that can be used.
Many organisations also still rely on password authentication because older, but still necessary, computer systems remain in use. For an organisation to switch from password authentication systems to biometric-enabled authentication systems, it will be forced to undertake an expensive project that can require long deployment and integration cycles. This often comes across to top executives as an effort to fix something that isn’t broken.
Will biometrics become the new standard?
Even though passwords are still widely used, there are many security experts calling for biometrics to become the new standard. Companies like Apple and Samsung have been integrating biometrics into smartphones for years now. However, will this become a new standard? Eventually yes, but only after traditional passwords have failed enough that the negative effect from breaches forces businesses to implement stronger forms of authentication.
When discussing standards, multi-factor authentication looks more likely to become a new industry standard, with biometrics becoming a key player within it. More organisations are supplementing the single factor of something known (the password) with a second factor of either something possessed (such as a smart card or OTP token) or an additional personal piece of information, and more recently another factor could be something biologically unique, such as biometrics.
How can I dodge the risks of passwords?
Whether password or biometrics, authentication technologies exist to secure access to systems and data. As passwords continue to be breached through social engineering attacks, there is a compelling need to find ways to use them better. One way to increase security without falling victim to the weaknesses of passwords is to set up multi-factor authentication. There are many options available for a second or third factor in authentication, and it is important to make sure the choice fits the culture of the organisation so that users can seamlessly gain access to their work without disrupting their workflow.
Another way to increase security and reduce the chances of being breached is by reducing the number of passwords employees use, but making them change the password frequently. Much of the trouble with hacked passwords is that they are easy to discover. This can be the result of poor practices such as never changing a password or the result of social engineering to guess them. However, a single hard-to-guess password that is changed often, and applies everywhere across the business, is an ideal solution to the traditional password weaknesses. Single sign-on and directory consolidation are easy and common technologies that can achieve this end.
So while passwords are here to stay in the short term, biometrics will have a big part to play in how the standards of authentication change over the course of the next few years. While businesses continue to rely on passwords now, it is important that they take action to ensure password breaches do not happen to them. Multi-factor authentication and smart password management are crucial until biometrics can be relied on to secure all organisations’ data today.
Jackson Shaw is vice-president, product management, at One Identity.