But my password protects my data!!!
Passwords are broken. We all know it, yet most of us use a password as our primary way of identifying ourselves when we want to access an application. The challenge has always been finding something to replace them. While we have gone a long way in finding ways to reduce the number of passwords with federation and password managers, these are typically secured with… a password. MFA goes a long way to improving the security here, but creates friction in the user experience. Great, so now I need to enter a password AND unlock my phone to get a code.
Biometrics are physical or behavioural characteristics of a person. This includes factors such as:
- Facial recognition
- Fingerprints
- Voice prints
- Typing patterns
No one else has your face, so using this to identify you makes sense. The same goes for the other metrics: these are all unique to you, so they can be an effective way to identify someone.
We have all seen the movies where the hero puts a piece of sticky tape on the bad guy's coffee mug, takes a print and scans it to open the door. And no doubt you have seen reports of facial recognition being fooled by video or 3D models.
In reality, biometric scanners are sophisticated and able to perform liveness checks to make sure you are dealing with an actual human. In the case of fingerprint scanners, this requires some pretty hefty hardware. For facial recognition, though, cameras on new smartphones are very high quality; couple that with a strong algorithm and you can get a highly accurate match.
Of course, we can still use multiple factors: facial recognition and a voice print, for example, if we need additional assurance.
Why is this good?
The real advantage here is that biometric authentication can be seamless. Most of us will have some experience with Windows Hello. Just look at the screen and you are in: no typing a password, no worrying whether Caps Lock is on, no re-entering it after you mistype it, and no one else using your password to access your PC. All friction related to the authentication is gone.
And biometrics opens up some other opportunities.
Because the authentication is seamless, we can introduce the concept of continuous authentication: making sure that it is the same person throughout the interaction, without the person having to do anything other than be themselves. This is important for an extended session, and may be for someone sitting an online exam, someone conducting phone banking, or even just someone completing an online form.
Converging physical and logical
The other aspect is the idea that we can use a single credential (e.g. your face) to access not only your applications and data, but also your physical locations. Looking at your screen to open the desktop, or at a CCTV camera to open a door, is available now. The technology is here to do that.
Biometrics – so hot right now!!!