What is biometric authentication? It’s time to bury the password

By Brian Foster, SVP Product Management, MobileIron 

Humans are not the best when it comes to security – and it’s hardly likely we are going to get any better. It is therefore surprising that, despite advanced technological capabilities being available, we seem to enjoy making things harder for ourselves by using a mode of authentication that is no longer fit for purpose – the password. Passwords are ingrained in our society. They’ve been around for 60 years, but that also means that they have long outlived their potential as the safest way to secure our digital, private, and work lives.

The pain of passwords

Passwords are the enterprise’s greatest nemesis. It is well-documented that they are the leading cause of data breaches. In the 2019 Data Breach Investigations Report, for instance, Verizon found that stolen user credentials account for 80% of data breaches. Perhaps less documented, but equally troubling, is the pain of administering passwords.

Passwords provide a troublesome experience for both end users and IT departments. Password management has proved to be a very costly endeavour for companies. The World Economic Forum reported that over half of IT help desk budgets were allocated to password resets. Today, fingerprint readers and facial recognition software are available on most mobile phones, and most users prefer them to passcodes because of the high convenience factor. Thus, replacing the password with biometrics will not only improve the user experience of necessary security protocols, but will also relieve the budgetary burden IT departments are experiencing as a result of passwords.

A matter of convenience?

Inevitably, people expect the same seamless and convenient user experience across their professional life as well as their personal one. Not to mention that having to set up and remember a different password for each different website is not very practical and leads to poor password hygiene: users resort to reusing passwords for both personal and professional use, which presents an additional security risk.

The best alternative is a form of sign-on that most of us are already utilising to some degree in our daily lives: biometric data. Biometric data measures a person’s physical characteristics to verify their identity. The most common types are the aforementioned fingerprint scanners and facial recognition software, or voice-recognition software such as that used for digital assistants like Siri or Google Assistant. Clearly, the main benefit of this is the user experience: users can be authenticated instantly using inherent physical attributes, with the help of devices that people always carry with them, such as their smartphones.

Biometric benefits

Biometrics also have major benefits from a security perspective. Firstly, a simplified user experience means that people are less likely to resort to writing their passwords in a word document, using untrustworthy password-management apps or jotting them down on random scraps of paper, which can lead to compromised credentials. There’s no need for resetting credentials either. Once an individual’s biometric data is gathered, the system is set for good.

Secondly, biometrics are usually part of a multi-factor authentication (MFA) process, which provides an additional layer of user verification for high-risk environments. Biometric data is already a very accurate and relatively hard-to-replicate form of authentication, but using it as only one step of an authentication procedure is the ideal security practice. And the best example of this is using an MFA system with biometric data as part of a zero-trust approach to cybersecurity.

Beyond passwords, beyond trust

A zero-trust approach is a security concept that functions on the basis of ‘guilty until proven innocent’. It follows the idea that the perimeter is an outdated model of security and that organisations should not trust anyone, regardless of whether they’re outside or inside the perimeter. Rather, everything should be verified before being allowed access. In this way, the enterprise can quickly eliminate threats as soon as they are spotted trying to breach its systems, whereas with the old perimeter approach, an intruder would be able to access everything inside the perimeter once it had breached the firewall and until it was eventually spotted. And with over half of breaches taking months to be discovered (Verizon), the damage that can be inflicted once someone infiltrates a perimeter is substantial. Clearly, the perimeter approach is no longer working.

As organisations increasingly employ cloud technologies and the workforce becomes progressively mobile, the need for security solutions extends outside a contained physical perimeter anyway. A zero-trust approach recognises the enterprise’s need for flexibility. It verifies things beyond just a user’s ID through the use of biometrics. It extends across a dynamic environment and it can validate things such as the user’s location, device or network before allowing access.

Most businesses seem to acknowledge the password-less, zero-trust approach as the best way to secure their organisation. In fact, a Spiceworks survey revealed that biometric identification is utilised in 62% of companies and that 24% plan to employ this technology within two years. So, the situation looks promising: we can eliminate passwords and replace them with biometric data, and the onus is on the technology industry to drive security forward by doing so.