Will Biometric Data Replace Passwords?

July 07, 2016 / in Blog, Encryption/Security / by Zafar Khan, RPost CEO

Many companies are continually struggling to protect customer data from hackers, thieves and other cybersecurity threats. Some firms have begun using biometric data in place of passwords. For example, many banks now allow customers to use fingerprint or iris identification to access bank accounts from mobile devices. This includes Bank of America, JP Morgan Chase and Wells Fargo. Google and other technology firms are working to combine biometric information to further strengthen security using information such as eye scans, fingerprints, face shape, voice recognition and even body movement. The prevailing idea is that although a single biometric indicator would not be secure enough by itself, a combination of many such indicators could “result in something more than 10 times as secure as a fingerprint.” And an ancillary promise is that biometric-based security would afford the ultimate in convenience to end users, who would no longer face the challenge of remembering convoluted passwords of their own creation.

While biometric-based security may be promising and is certainly attractive to institutions and individuals that require more effective cybersecurity, the promise of greater security could also be accompanied by new threats to personal privacy. Could consumers’ fingerprints, iris scans, and other biometric data be shared with third parties, just as their demographic and certain behavioral data already are? It is already legal for a cellular carrier to track and store your movements with cell-site location data.

If consumers share their biometric information with a cellular carrier or a bank, how might this data be used? Would banks share your physical characteristics with advertisers? Would a thief be able to use your biometric information to apply for a credit card? How far removed are we from a world where DNA verification is needed for such applications? As with any new technology, a myriad of considerations materialize when you consider real-world implementation.

For example, as biometric-based security sees greater adoption, it is certain that criminals will attempt to steal this data. However, rather than lifting fingerprints off a beer bottle or lopping off a target’s fingers in the audacious manner of a Hollywood film, hackers will seek out the digital representations of this biometric data on corporate servers, perhaps using malware to gain access to such data.

It will likely take many years for biometric security technology to be implemented throughout society due to the complexity of the aforementioned and other potential ripple effects. Before technologists and the corporate entities they serve are able to deliver on their promises of a biometrically-secured future, businesses must take advantage of presently available tools to protect themselves and their customers.

What are the security tools of today? For Internet banking, one well-known best practice is multifactor authentication: a robust password used in combination with a temporary PIN (tied to phone/email access), a security question, or other secondary factors. For email, security experts recommend email encryption to maintain the privacy of your email message and any file attachments. While these practical cybersecurity solutions may seem less interesting than retina scans and motion-detecting sensors, they surely are the best available tools for the job – at least for the time being.