Will Biometrics Ultimately Kill All of Our Passwords?
If you’ve watched any films or television over the last 30 years you should be fairly familiar with the concept of biometrics. Fingerprint and retinal scanners have been a popular plot device in spy dramas and science fiction epics for decades. But it’s not all Hollywood make-believe. Biometric identification is very real, and many see it as the ultimate security solution. Fingerprint scanners are already becoming a standard feature on many smartphones and laptops; and banks and retailers are beginning to incorporate bio-tech into their online services, allowing customers to authorize transactions with the swipe of a finger.
But will biometrics really replace the character based password, and is it truly as safe and secure as proponents claim?
The Current State of Biometric Identification
Fingerprint scanners for smartphones were introduced in 2011, and have become popular features on high end handsets like the iPhone 6 and the Galaxy S6 Edge. Perhaps the most recognizable form of biometric tech on the market, fingerprint scanners allow users to lock and unlock their devices, and to authorize online transactions with the touch of a fingertip. But fingerprint identification has come under some scrutiny of late, and many security experts have suggested that it may not be as safe as we have been led to believe. Fingerprint scanners are not always accurate, and can easily be spoofed, making them a poor substitute for a character based password. However, proponents of biometric security remain undaunted, and are working on new technology that they hope will finally lay to rest the old fashioned password.
The Future of Biometrics
While fingerprint identification may be failing to set the digital world on fire, new technology is being developed that aims to deliver on the promise of biometric security. Just this year, at the Mobile World Congress, two companies unveiled competing retinal scanners designed to be incorporated into standard smartphones. Fujitsu and ZTE have both developed an operational retinal scanner that is more accurate than fingerprint identification, while remaining small enough to fit into a standard sized handset. Both firms hope to have smartphones with retinal scanning technology on the market by the end of the year.
But the trend towards biometric security doesn’t stop at retinal scanners. PayPal, a founding member of the FIDO Alliance, has recently announced that they are working with a number of tech firms to develop the next generation of biometric security techniques. The FIDO (Fast Identity Online) Alliance is committed to improving online security by eliminating easily hacked character based passwords. They see biometrics as the key to that end. Many avenues are being explored, including brain implants, heart and biochemical monitoring, and ingestible devices that would contain the user’s unique ID codes. All of this may sound fanciful, but it clearly illustrates just how committed FIDO and its members are to biometrics and the future of online security.
New Security Tech Means New Security Concerns
While tech firms and software developers are touting biometrics as the wave of the future, some security experts are already voicing their concerns. Sir John Ayde, former head of GCHQ, believes that the use of biometrics in smartphones and other mobile devices could put users at risk. Ayde is not against the use of biometrics, but is advocating for stronger safeguards to protect users’ personal data. By its very nature, biometric identification requires devices to store and transmit unique biological information. Ayde contends that that information, in the wrong hands, could leave smartphone users vulnerable to cyber fraud and identity theft. Ayde is pushing for more robust security measures to protect people using smartphones with in-built biometric technology, and for official regulation and monitoring of all biometric identification processes.
Proponents of biometric identification have a rallying cry, “Kill All Passwords”. The FIDO Alliance and its partners are dedicated to eliminating the character based password, and to developing a new level of online security. But many hurdles will have to be crossed before biometric identification becomes a standard for smartphones and laptops. Beyond the technological aspects, there are many security and privacy issues that will have to be addressed before biometric identification can safely supplant the traditional character based password. Even then there is the question of convincing the public at large to adopt biometrics as their preferred form of identification, and that may be a tall order.