Given the range of system logins enterprise users and customers have to access every day, the process of keying in a password over and over has become not just an inconvenience but also a security risk. From banks and hospitals to campuses and corporate offices, the password is becoming an outdated form of login credentials for computer systems and facilities. Hackers, fraudsters and data thieves, for instance, are continually devising ways to steal passwords or circumvent the need to supply one to carry out their criminal activities. It’s no wonder, then, that in a recent survey, 70% of American respondents found biometrics more convenient than passwords. All it takes is a single scan of the fingerprint, iris, ear, or face to detect and verify the identity of the user.
Biometric data rely on the measurements of key features on a person’s body or even their behavioral output, such as their signature or tone of voice. However, the most popular types of biometric data are physical: some examples are DNA, fingerprint, or iris patterns.
Why is biometric authentication a more secure alternative to the password, then?
Biometric authentication uses unique data
This level of complexity and specificity—typically absent from most passwords—is crucial in keeping security high, especially since four out of five data breaches (81%) take place with the use of a stolen or weak password, Verizon’s 2017 report on data breach investigations showed.
While people can generate quirky alphanumeric passwords that appear difficult to decipher—and difficult to copy—the fact that passwords are artificially produced and exist outside of the person also means they can easily be replicated or stolen.
The case is different, however, for biometric data since the patterns that signify a unique identity are naturally occurring. Biological attributes thus become an essential part of a person’s digital identity and are authenticated right where the person is physically located.
Unlike passwords or codes that might be forgotten over time, biometric data remain inherent in a person, as these are their physical and behavioral characteristics.
Biometric authentication is convenient to use
Having to memorize passwords can be painstaking. Instead of doing so, however, most people would rather use the same code across different platforms. In the US, the average user links up to 130 online services to a single email account. This raises the risk of losing access to multiple accounts once that single password is stolen.
Biometric authentication eliminates the need for users to input a different password on yet another platform, or to risk getting hacked across apps when they recycle the same universal password.
All that a user has to do when accessing a device or app, or authorizing an action, is to wait for the biometric scan to complete. The system allows for easy verification thanks to the use of sensors that read multiple data points on a subject’s physical or behavioral features.
Biometric authentication can support multi-factor authentication
For users who prefer to key in passwords or draw lock patterns on their device, but who still require an extra layer of security, biometric authentication can be used in conjunction with other traditional modes of verification.
Most security systems can accommodate any combination of physical and behavioral cues along with nominal codes to launch an action. For instance, a person can input a password, then proceed with an iris scan, combine facial recognition with voice recognition scans, or swipe an access card, then proceed with a fingerprint scan.
Biometric authentication is safe from most cyber attacks
The most common cybersecurity threats come in the form of phishing attacks and, more recently, identity theft through impersonation or spoofing.
Phishing attacks are socially engineered to deceive users into giving up their personal data or to prompt them into clicking or downloading a file that grants attackers easy access to their system. An essential part of a phishing attack is how it is made to look like a legitimate request so that the victim types their security details into a fake login portal.
Phishing attacks are less likely to occur, however, when biometric data is used as part of multi-factor authentication, that is, when the system requires not just the password but also an actual scan of a person’s physical or behavioral feature when launching an app or authorizing a transaction.
The popularity of mobile banking apps in recent years, for instance, has prompted banks to switch to biometric authentication as a more sophisticated method for users transacting via the app.
Companies are also now increasing security against fraudsters who would use the victim’s selfies to impersonate or spoof them during a facial recognition scan.
The more advanced biometric authentication systems include a liveness detection or spoof detection tool to determine whether the sample being presented before the sensors is a live human being or a spoof. Security protocols include instructions for the user to blink, open their mouth, or respond to a question—all of which would be difficult to perform with a spoof.
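The prompt-based liveness check described above, sketched as an added example (not code from the article or from any vendor's product): the server picks an unpredictable prompt sequence, binds it to a single-use nonce with a short lifetime, and accepts only a matching response. The video analyser that reports the observed actions, the 20-second lifetime and all function names are assumptions.

```python
import secrets
import time

# Prompts taken from the article; the protocol around them is an assumption.
ACTIONS = ("blink", "open_mouth", "answer_question")
CHALLENGE_TTL = 20  # seconds a challenge stays valid (assumed value)

_pending = {}  # nonce -> (expected action sequence, expiry time)


def issue_challenge(length=3, now=None):
    """Create an unpredictable prompt sequence bound to a one-time nonce."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    sequence = tuple(secrets.choice(ACTIONS) for _ in range(length))
    _pending[nonce] = (sequence, now + CHALLENGE_TTL)
    return nonce, sequence


def verify_response(nonce, observed, now=None):
    """Check the actions reported by a (hypothetical) video analyser.

    Returns (ok, reason). The nonce is consumed on every attempt, so a
    recorded response cannot be replayed against the same challenge.
    """
    now = time.time() if now is None else now
    entry = _pending.pop(nonce, None)
    if entry is None:
        return False, "unknown_or_reused_challenge"
    expected, expires = entry
    if now > expires:
        return False, "expired"
    if len(observed) != len(expected):
        return False, "wrong_action_count"
    # Order matters: a static photo or an old clip cannot match a
    # sequence that was chosen only after the session started.
    if tuple(observed) != expected:
        return False, "sequence_mismatch"
    return True, "live"
```

A passing liveness result says only that a live subject followed the prompts; the biometric match itself is a separate decision.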
As more device manufacturers like Apple and Samsung build scanners and sensors into their systems, more companies will find it useful to incorporate biometric authentication to enhance their security features.
About the Author:
Alex Hunter is a Business Development Representative from ImageWare Systems. She has spent the past 8 years working to develop market awareness of what is now recognized to be one of the world’s leading 2FA/Multi-Factor Biometric Authentication solutions available today.