All fingers and eyes: will biometrics kill off the traditional password?

How will biometric authentication change computing?

Could we all soon be using fingerprint scanners

Could one of the most hated aspects of the internet – the alphanumeric password – soon be replaced? A revolution that's going to start with the fingerprint scanners already in high-end smartphones, the shift from passwords to biometrics will mean the popularising of voice authentication, facial recognition, ear-print authentication, retina scans and more.

All of that will require new hardware, such as fingerprint scanners, though since most high-end smartphones now come with fingerprint scanners built-in, expect a swathe of apps. In fact, Juniper Research predicts that over 770 million biometric authentication apps will be downloaded each year by 2019, up from just six million this year. In short, the days of alphanumeric passwords in the smartphone market appear to be numbered.

Do people want to use biometrics?

Whether the introduction of fingerprint scanners in banks, in shops and on desktops happens quickly en masse is doubtful – it's expensive technology to introduce on a massive scale – but there is a demand for something other than passwords.

A report in January by Visa Europe revealed that three-quarters of 16 to 24-year-olds would feel comfortable using biometric security, 69% believe it will be faster and easier than passwords and PINs, and half of young people foresee the death of passwords by 2020. This so-called Generation Z is also the demographic that has the most liberal attitudes to passwords; over a third have shared their debit or credit card PIN number with someone else.

"We have more logins and passwords than ever to help keep us secure online and on the high street, but for Gen Z it just feels like an unnecessary burden," says Jonathan Vaux, Executive Director at Visa Europe, who challenged banks to quicken the pace of development on biometrics.

Silvio Kutic CEO at Infobip
Silvio Kutic, CEO at Infobip

"Consumers are keen to shun passwords entirely in favour of biometrics as an easy and secure way to keep their data safe," adds Silvio Kutic, CEO of mobile services and SMS messaging provider Infobip.

Is the alphanumeric password dead?

So biometrics will be welcomed, but does that necessarily mean the death of the password? "Not in the slightest," says François Amigorena, CEO of infrastructure and security management solutions software company IS Decisions, whose customers include the FBI, the United Nations and Barclays.

"Passwords are still the primary security method used the world over, but like any good security practice, they shouldn't be used in isolation … biometrics is another security layer that, when coupled with passwords, provides a layered wall of protection."

Fran ccedil ois Amigorena CEO at IS Decisions
François Amigorena, CEO at IS Decisions

Not everyone is so forgiving. "The traditional password, if not dead, should be killed," says TK Keanini, CTO at network visibility and security intelligence company Lancope. "Proactively, we should all demand better and more modern methods of authentication – the inherent problem is that human memory has limits that will always keep this type of password weaker than other methods."

Why computers love passwords

Humans might hate passwords, but computers love them; there is only one correct answer. "With biometrics, there is no 'right' answer – it's impossible to be 100% accurate with a fingerprint measurement, there are only degrees of accuracy – is this 99% likely a match, or 95%?" says Garrett Bekker, Senior Analyst, Information Security at 451 Research. "How do you define the acceptable threshold of accuracy? Do you set the threshold at 99% and risk rejecting users incorrectly?"

IT staff also love passwords. "Old habits die hard in security … passwords are relatively inexpensive and most people are familiar with them," Bekker observes. "It will take years to replace them." He doesn't buy the 'convenience' claim for biometrics, either, stating that, "the stronger and more secure (authentication technology is), the more expensive and inconvenient it is to use."

He also points out that using a fingerprint scanner outside in the winter while wearing gloves wouldn't be easy, and nor would a voice authentication system cope well if you had a sore throat.