Why Biometrics is the Next Evolution of Password Security
According to research carried out by cybersecurity firm Trace Security, 81 percent of hacking-related data breaches leverage weak or stolen passwords. If you’ve been paying much attention, that probably doesn’t come as any great surprise to you - after all, weak passwords were the reason the Mirai botnet was able to grow to the extent that it did. It’s common knowledge that the password, as it exists today, verges on obsolescence.
“Passwords were developed in 1964 when I was 16 years old,” explains Frank Abagnale, a leading security consultant and lecturer. “Today, at 71, we’re still using passwords as a protocol to get into security systems. I don’t understand why there are still passwords when we know passwords are the root cause of all these issues that we have.”
But if we’re meant to no longer use passwords, what’s the alternative? Biometrics. Alphabet announced in mid-August that it has plans to render passwords obsolete.
“Passwords, combined with Google’s automated protections, help secure billions of users around the world,” the company explained in an August 12 blog post. “But new security technologies are surpassing passwords in terms of both strength and convenience. With this in mind, we are happy to announce that you can verify your identity by using your fingerprint or lock screen instead of a password when visiting certain Google services.”
Google’s not the only company to make a push like this, either. Microsoft has something similar in the works with a service known as Windows Hello. Like Google’s fingerprint-based authentication, Windows Hello is built on FIDO2, a service designed to make authentication to online services both simpler and more secure - while also doing away with passwords altogether.
At present, how this works - at least in Google’s case - is simple. A user registers their username and password with an online service or platform once. The password can thus be as complex and ridiculous as they want it to be; they won’t need to remember it.
Instead, they can simply access their account through the biometric data stored on their device. Biometric authentication carried out in this fashion is more convenient and more secure. And while it may certainly be possible to fake a fingerprint or facial recognition scan, it’s a lot more difficult to do that than it is to crack a weak password.
Eventually, as biometric technology grows more accepted and more widespread, we’ll likely do away with passwords altogether. Registering for a service or logging in to an app will be as simple as a fingerprint scan. There are privacy concerns here, of course - issues around how biometric data is stored and accessed by the companies that possess it.
Until we have an answer as to how we can deal with passwords, they will still have their part to play in the interim. Ultimately, their days are numbered. Biometric-based authentication is the future.
And password-based authentication will soon go the way of the dodo.