It’s time to forget usernames and passwords and log in with biometrics

Posted — 06.06.2017

By Robin Tombs, CEO of Yoti

Over the past few years, we have seen a large volume of data breaches hit the headlines, and personal details of millions of people have been made public. One of the key issues is that once login details for one website have been hacked, cybercriminals can usually use the same details on other websites because many of us use the same password across different websites.

We’re creating more accounts than ever before; each one requiring a password. Most people cannot remember a different password for every website so choose convenience over security and recycle the same one. Furthermore, people don’t want the inconvenience of resetting forgotten passwords so use weak, predictable and easy to remember options. ‘Password1’ and ‘123456’ continue to be some of the most popular passwords around.

Another security issue with passwords is that they’re not unique to every person, system or device and can be separated from the owner. Whilst you may not think twice about sharing your password with a colleague or friend, the more people you share it with, the more likely it will fall into the wrong hands.

Is there an alternative to passwords?

Advances in technology and in the devices and applications that connect us means biometrics are set to play a big part in the future of authentication. Many companies are already using biometric technology as an alternative to passwords and the technology is gaining adoption with consumers; over a fifth of the UK’s smartphone users now authenticate with their fingerprint. Not having to remember passwords will make our lives much easier and our personal data safer. We’ll no longer have to reinvent ‘Password1’ or rack our brains for that elusive password.

Biometrics offer convenience, speed and security to consumers. They are unique to each person and a more secure option for organisations than transferable credentials such as PINs or passwords They also allow businesses to know exactly who they’re interacting with. Companies need to ensure they have the right anti-spoofing measures in place though. For example, if they ask a customer to take a selfie to login, they need to be certain that users cannot use a photo, video or mask of another person.

Each company needs to find the level of security that suits them and their customers – a bank is likely to have stronger authentication measures than an online retailer for example. If someone is logging into their banking app they may just need to scan their fingerprint, but should they want to make a high value purchase they may be asked to take a selfie. Biometrics can be used at different points in a customer’s journey to tighten security and offer layered authentication.

We can’t forget all passwords just yet, but companies are realising that passwords are not adequate protection for themselves or their customers. The technology now exists to offer users a more secure way to access, and crucially protect, their personal data. With more companies offering alternative login methods, a new era of authentication is coming.