Why Passwords are No Longer Fit for Purpose | GBAF | GBAF

Why Passwords are No Longer Fit for Purpose | GBAF | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > What is biometric authentication? It’s time to bury the password

What is biometric authentication? It’s time to bury the password

Published by Gbaf News

Posted on February 13, 2020

5 min read

Last updated: January 21, 2026

What is biometric authentication? It’s time to bury the password

By Brian Foster, SVP Product Management, MobileIron

Humans are not the best when it comes to security – and it’s hardly likely we are going to get any better. It is therefore surprising that, despite advanced technological capabilities being available, we seem to enjoy making things harder for ourselves by using a mode of authentication that is no longer fit for purpose – the password. Passwords are ingrained in our society. They’ve been around for 60 years, but that also means that they have long outlived their potential as the safest way to secure our digital, private, and work lives.

The pain of passwords

Brian Foster

Brian Foster

Passwords are the enterprise’s greatest nemesis.It is well-documented that they are the leading cause of data breaches. In the 2019 Data Breach Investigations Report, for instance, Verizon found that stolen user credentials account for 80% of data breaches. Perhaps less documented, but equally troubling, is the pain of administering passwords.

Passwords provide a troublesome experience for both endusers and IT departments. Password management has proved to be a very costly endeavour for companies. The World Economic Forum reported that over half of IT help desk budgets were allocated to password resets. Today, fingerprint readers and facial recognition software are available on most mobile phones, and most users prefer them to using passcodes because of the high convenience factor. Thus, replacing the password with biometrics will not only improve the user experience of necessary security protocols, but will also break the budgetary burden IT departments are experiencing as a result of passwords.

A matter of convenience?

Inevitably, people expect the same seamless and convenient user experience across their professional life as well as their personal one. Not to mention that having to set up and remember a different password for each different website is not very practical and leads to poor password hygiene: users resort to reusing passwords for both personal and professional use, which presents an additional security risk.

The best alternative is a form of sign-on that most of us are already utilising to some degree in our daily lives: biometric data. Biometric data measures a person’s physical characteristics to verify their identity. The most common types are the aforementioned fingerprint scanners and facial recognition software, or voice-recognition software such as the one used for digital assistants likeSiri or Google Assistant. Clearly, the main benefit of this is the user experience: users can be authenticated instantly using inherent physical attributes, with the help of devices that people always carry with them, such as their smartphones.

Biometric benefits

Biometrics also have major benefits from a security perspective. Firstly, a simplified user experience means that people are less likely to resort to writing their passwords in a word document, using untrustworthy password-management apps or jotting them down on random scraps of paper, which can lead to compromised credentials. There’s no need for resetting credentials either. Once an individual’s biometric data is gathered, the system is set for good.

Secondly, biometrics are usually part of a multi-factor authentication (MFA) process, which provides an additional layer of user verification for high risk environments. Biometric data is a very accurate and relatively hard to replicate form of authentication as it is, but using it as only one step of an authentication procedure is the ideal security etiquette. And the best example of this is using a MFA system with biometric data as part of a zerotrust approach to cybersecurity.

Beyond passwords, beyond trust

A zerotrust approach is a security concept that functions on the basis of ‘guilty, until proven innocent’. It follows the idea that the perimeter is an outdated model of security and that organisations should not trust anyone, regardless of whether they’re outside or inside the perimeter. Rather, everything should be verified before being allowed access. In this way, the enterprise can quickly eliminate threats as soon as they are spotted trying to breach their systems, whereas with the old perimeter approach, an intruder would be able to access everything inside the perimeter once it had breached the firewall and until it was eventually spotted. And with over half of breaches taking months to be discovered (Verizon), the damages that can be inflicted once someone infiltrates a perimeter are substantial. Clearly, the perimeter approach is no longer working.

As organisations increasingly employ cloud technologies and the workforce becomes progressively mobile, the need for security solutions extends outside a contained physical perimeter, anyway. A zerotrust approach recognises the enterprise’s need for flexibility. It verifies things beyond just a user’s ID through the use of biometrics. It extends across a dynamic environment and it can validate things such as the user’s location, device or network before allowing access.

Most businesses seem to acknowledge the password-less, zerotrust approach as the best way to secure their organisation. In fact, a Spiceworks survey revealed that biometric identification is utilised in 62% of companies and 24% plan to employ this technology within two years. So, the situation looks promising: we can eliminate passwords and replace them with biometric data, and the onus is on the technology industry to drive security forward by doing so.