Do biometrics represent the end of the humble password?

Do biometrics represent the end of the humble password?
(Image credit: Shutterstock)

We’re living in a climate where the risks posed by cybercriminals are constantly looming – last year broke records for the number of data breaches resulting in exposed records and this year shows no signs of slowing down. With Kylie Cosmetics and Blackbaud both suffering data breaches in the past month alone, it’s clear that the risks posed by these groups of unscrupulous individuals are here to stay.

Add to this the current remote working situation and things get even more complex. With employees using home internet connections or their own devices for work purposes, the transition to widespread remote work has heightened the security risks which were already present in the office. The recent lockdown announcements mean many of us will continue working remotely for the foreseeable future, meaning the need for secure authentication has never been higher.

A need for new authentication

Under current circumstances, improving enterprise cybersecurity is mission critical. Our recent research revealed just 18% of businesses say their current security solution is fully secure. The most likely causes of potential threats are human behaviors and, with 92% of Brits admitting to password reuse at home and at work even amid a rising number of data breaches, it’s easy to see why. The amount of time that IT and security teams spend managing users’ password and log in information has increased 25% since 2019.

These contrasting figures paint a picture of a complex security landscape, and clearly something needs to be done before it’s too late. With 85% of IT and security professionals agreeing that organizations must reduce the number of passwords being used on a daily basis, does this mean the end of the humble password?

A future for fingerprints

Biometrics has emerged as a key contender in the future of identity management. Biometric authentication relies on the biological characteristics of an individual to verify they are who they say they are. Common types include fingerprint scanners, facial recognition, voice identification and eye scanners, and its increased use is being driven by convenience and a reliance on hard-to-fake individual biological traits.

Formerly seen as a staple in every spy movie, biometric authentication is now an accepted part of the security landscape. And its use is on the rise, with 65% of consumers trusting fingerprint or facial recognition over traditional text-based passwords. This increasing comfort is likely down to frequent use of mobile devices and paints a picture of a changing tide in consumer security approaches. But that’s not to say text-based passwords will disappear completely. While biometrics help to overcome the problem of users forgetting login credentials, it should be seen as more of a validation technique rather than an access method.

In comes passwordless authentication

When used properly, text-based passwords are more than effective as a secure means of authentication. Passwords have always been the foundation of authentication and there’s no reason why this shouldn’t continue. However, they should be used in conjunction with additional solutions to cancel out the risk of poor security practices.

Here, there are varying ways organizations can bolster passwords to strengthen their security IT infrastructure. Passwordless authentication, for example, enables users to login to devices and applications without the need to type in a password, streamlining the experience while still maintaining high levels of security.

Biometric authentication, single sign-on (SSO) and federated identity all serve as cornerstones of passwordless authentication technologies, but none of them will directly replace passwords. Instead, passwords will continue to be used in some way throughout the business and will need to be managed securely and efficiently. It’s therefore critical that, alongside the implementation of a passwordless authentication model, a simple and efficient password management solution is put in place.

Old meets new

With so much hype around biometrics as the future of authentication, it’s easy to see why people have begun questioning whether there is a future for text-based passwords. But the reality is passwords work – it’s when people use them in correctly that puts an organization at risk.

As we continue to hear news of data breaches brought on by avoidable mistakes such as password reuse, security awareness must become a priority. The truth is people don’t often see themselves as being at risk of a cyberattack, but this mentality must change if businesses are to come out more secure. In addition, businesses can employ tools to protect themselves against the risks posed by hackers. Passwordless authentication is the ultimate solution when it comes to a stronger, more secure authentication method while also offering ease-of-use – convenient at a time where anything organizations can do to simplify the lives of their employees will bring about wider

  • Barry McMahon is Senior Manager of Identity and Access Management, LastPass by LogMeIn.
Barry McMahon

Barry McMahon, Senior Manager of Identity and Access Management at LastPass by LogMeIn. During his career, he has acquired and developed a unique mix of skills that enable him to excel in today’s tech world.