Biometrics: Secure Authentication in the Modern Age
From Star Trek to Terminator, some of Hollywood’s most iconic science fiction movies have depicted exciting uses of biometrics: facial recognition, retina scans, DNA matching, and brain scans to confirm characters’ identities. As those visions of the future became real technology, the business world got wrapped up in the hysteria, with the first biometric factors coming onto the security landscape being touted as the be-all and end-all hack-proof alternatives to passwords.
The revelation that biometrics weren’t going to be that unbreakable force, thanks to AI-generated fingerprints and vulnerabilities in even highly sophisticated facial recognition systems, led to a sharp decline in interest. Despite 90% of businesses planning to use biometrics in 2020, Spiceworks research found that only 10% of professionals think they are secure enough to be used as their sole authentication factor.
The truth is that no system or proof of identity is unhackable. That’s why a strong identity management solution must include multiple security factors, balancing each other and helping fill in weaknesses. And when considering which factors to implement, the reality is that biometrics is currently the most secure identity verification method available to enterprises.
What makes biometrics so secure
Secure authentication requires a user to verify beyond any doubt that they are who they say they are. And biometrics seemingly provide the ultimate human verification, given that our voices, fingerprints, retinas, and even our veins are inherently unique.
The key reason that biometrics have been pervasive in popular culture and readily accepted by consumers is the beautifully simple user experience they allow. Verifying your identity via your thumbprint or face is quicker and easier than having to type in a PIN or remember and correctly enter a password. Fingerprint and facial scans are widely used in everyday consumer devices, especially for unlocking devices and verifying small purchases. Consumers want interactions to be frictionless, and biometrics is the lowest friction security factor to date.
That frictionless experience also makes the technology far more secure for enterprises, as poor security practices are impossible with biometrics. There’s no writing down or reusing passwords to avoid a complex login experience, which has led to one of the greatest increases in data breach risk, and the hardest for IT to control and minimise. Good security hygiene is part and parcel with the biometric experience.
Implement MFA with biometrics as best practice
As exciting and secure as biometrics may sound, they should not be relied on as a single source of truth. Biometric information is often publicly available: people leave fingerprints everywhere they go, our faces are frequently captured on CCTV, and biometric systems have been proven to be hackable.
With access to this information, hackers could clone or fake biometric traits. But that’s a difficult, costly, and time-intensive task that requires a highly targeted approach that only the most sophisticated and dedicated attacker is likely to take. Large-scale attacks against employees’ passwords are far quicker, easier, and more feasible for malicious actors to carry out.
Therefore, the answer to the question of “Which authentication is the most secure?” is, and always has been, “Multiple authentication factors.” Combining the use of biometric verification with multi-factor authentication is the most secure option for protecting enterprise systems.
Biometrics have a long way to go from the pipedream of Hollywood directors, but combining these innovative factors with a simple, traditional factor is the best way to keep the modern enterprise secure. Requiring users to submit a fingerprint verification alongside entering a PIN code, for instance, vastly increases the certainty that the user is who they claim to be. Adding further context to this through a user’s location or IP address provides enterprises with an additional level of protection and assurance.