How Biometrics Are Replacing Passwords

Our bodies have replaced traditional passwords as a means of identification. Without even realizing it, consumers are already using biometric identification technology every day.

The iPhone X brought mass market, high quality, facial recognition to the world. Apple has used fingerprint scan-and-recognise systems for years in previous iPhones. Visa, Mastercard and Facebook are amongst a growing number of companies all investing heavily into biometrics.

Fingerprints and the future

Trends suggest that consumers are becoming more comfortable using biometrics on a day-to-day basis. In January, IBM Security released a study of 4,000 adults around the world finding that 67 percent said they’re comfortable with biometric identification today, and 87 percent expect that they will be soon.

What’s more, millennials show even greater comfort with using biometrics, and higher levels of frustration with conventional password systems. 75 percent of millennials are comfortable using biometrics today, as compared with 58 percent of consumers aged 55 and older. Meanwhile, less than half of millennials use complex passwords, and 41 percent use the same passwords to access many different accounts.

While some might say that recent anxiety around data breaches might make consumers more afraid to hand over biometric data, some say these trends may actually push people further toward biometrics, which aren’t as easily faked.

“As consumers are acknowledging the inadequacy of passwords and placing increased priority on security, the time is ripe to adopt more advanced methods that prove identity on multiple levels and can be adapted based on behavior and risk,” said Limor Kessem, executive security advisor at IBM Security.

Risks with biometrics

In May 2017 the Chaos Computer Club (CCC), a hacking group based in Germany, tricked the iris scanner on the Samsung Galaxy S8 into believing it was scanning a real person. This was a simple, low-tech, hack. They used a photo of the phone owner’s eye, changed the brightness and contrast so that the retina details were clear, and put a standard contact lens over the photo.

In March 2018 a group of Chinese academics published a paper outlining a method for using invisible infra-red light into fooling facial recognition systems. The BoingBoing article describes how:

“infrared can be used by attackers to either dodge [facial recognition systems] or impersonate someone”

There are more examples but the point is that like all software, biometric systems are only as competent as the underlying code. With trained AI systems, not only do they depend on high quality algorithms, they also depend on high quality data sets on which they are trained.

Coming to a wallet near you

Meanwhile, the largest players in payments and technology are preparing for a biometric future with new acquisitions and product launches.

Mastercard is introducing banking cards embedded with a fingerprint sensor that allow for remote verification of a user’s identity. The technology verifies the user’s identity entirely on the card itself, without transmitting any biometric data, and works with existing payment terminals that read chips. If used properly, it eliminates the need for a password or a signature.

“Making life safer and simpler for consumers is the cornerstone of our efforts around biometrics and comes through the use of some incredibly sophisticated technology,” said Bob Reany, executive vice president of identity solutions at Mastercard. “People love the security our biometric card delivers because we put their needs first.”

Visa is keeping up in the biometrics game as well, launching pilot tests of biometric cards with Mountain America Credit Union and Bank of Cyprus in January. As with Mastercard’s example, Visa’s version also performs the identity check directly on the card itself.

In a study of 1,000 US consumers, Visa found results that were similar to IBM’s global sample: 86 percent of consumers are interested in using biometrics to verify identity or to make payments, and more than 65 percent of consumers are already familiar with biometrics.

In the future

As biometric scanning becomes more common in payments and other sensitive contexts, it won’t be long before we start protecting our online identities with biometrics, too, or we may not have any choice other than to use biometrics.