The end of passwords?

Passwords have been the de facto identity authentication standard for years. But as a string of high-profile data breaches has proven, passwords can be problematic for companies and consumers. Is biometrics the answer?

When Apple integrated Touch ID into the iPhone, it soon became clear that fingerprint recognition was not just to make it easier for users to access their smartphones, but was an additional layer of security for new services such as Apple Pay.

While a fingerprint sensor wasn’t particularly new technology, its inclusion in the iPhone suddenly meant that millions of consumers worldwide had it in their hands every day and adoption as well as awareness has inevitably begun to grow.

Biometrics suddenly hit the mainstream, and it has since opened up a whole new world of possibilities for consumers and businesses, who can suddenly now buy, sell and transact simply by using their fingerprint and smartphone.

And as Apple Pay begins to take off in the United States, with it widely expected to launch very soon in the UK, many predict there will be an expectation from consumers that they can use biometrics for things other than payments.

“Given that users have now been exposed to the benefits and convenience of this technology on their smartphones, many will want a similar level of convenience in other parts of their daily lives, from using bank ATMs to opening doors, accessing corporate data in enterprise environments or claiming benefits,” says Paul Butler, vice president and general manager at identity solution provider HID Global.

“Over time the world of user authentication will continue to evolve and having secure credentials on a smart device will invariably reshape the industry.”

And the impact of this is thought to be far reaching. ABI Research believes overall consumer and enterprise spending on biometrics is set to grow at an annual compound rate of 29 per cent over the next five years, and that the overall market revenues for biometrics will reach a staggering $26.8 billion by 2020.

Biometrics, of course, extends beyond the Apple ecosystem and companies are experimenting with everything from voice and facial recognition, to monitoring people’s heartbeats as a mode of authentication. The implications of this for governments and companies across all sectors is huge, especially given that many have been relying on passwords to identify people for more than a decade.

But passwords have not proven to be entirely effective, given the string of high-profile data breaches from companies such as Tesco, Target and eBay in recent months, which have left customer data exposed.

If you can just put your fingerprint on a device, or if you could just show your face or use your voice to authenticate yourself, it’s just so much easier from a transaction perspective

Ajay Bhalla, president of enterprise safety and security at MasterCard, which supports Apple Pay and has a number of other biometric projects live in countries across the world, argues that biometric technology is inherently more secure, given that it is a lot harder for someone to steal your biometric details than it is for them to get hold of your password. This is especially true if two forms of biometric authentication are required to identify somebody or if biometrics is used in conjunction with more traditional approaches to authentication.

“Every day you see incidences where passwords are compromised. Even in my own life, I hate passwords. I probably use 50 applications a day and for each application you’re meant to remember a password. It’s not humanly possible to remember that many, so by habit you end up using one or two passwords for everything, which leaves a huge risk to systems when they get exposed,” says Mr Bhalla.

Finger print scanner
A finger print scanner

“As well as being more secure, biometrics is of course also more convenient. If you can just put your fingerprint on a device, or if you could just show your face or use your voice to authenticate yourself, it’s just so much easier from a transaction perspective.”

However, while there is a desire in industry to move beyond the problems of passwords, and consumers appear to be welcoming biometrics because of its ease of use, there are still looming questions regarding who are going to be the leading providers and what biometric technologies will be most popular.

Kevin Dallas, chief product officer of e-commerce at WorldPay, a global payment processing company that works with many of the world’s leading retailers and banks, argues that until a common set of standards is agreed, adoption will be tempered.

“One of the main barriers to the widespread availability of biometrics will be the convergence on a standard or a set of standards. At the moment everyone is experimenting, so you see a wide range of approaches,” says Mr Dallas.

“We have Apple in particular pushing forward the fingerprint, with the aim of bundling the fingerprint into the iPhone and Apple ecosystem. But will that become the dominate form of biometrics? I don’t know. The fragmentation of experimentation is normal in an adoption curve, but it will also slow down the widespread adoption of a set of standards.”