By the Numbers: Why Isn’t Biometric Security Catching On in Authentication?

By the Numbers: Why Isn't Biometric Security Catching On in Authentication?

Solutions Review presents By the Numbers: Why Isn’t Biometric Security Catching on in Authentication? 

Previously, Solutions Review wrote an article entitled “Are Biometrics IAM’s Future?.” In it, we discussed the then-new wave in biometric security and authentication; ultimately, we expressed both optimism and ambivalence concerning biometric adoption. On the one hand, biometrics offer a concrete alternative to passwords. Passwords prove trivial to guess or crack with simple illicit tools purchased from the Dark Web. No such technology can do so for biometrics. Further, biometrics can’t become lost or stolen, unlike passwords. 

On the other hand, we noted several challenges concerning biometric security. We noted that the U.S. continues to struggle with the collection and use of biometric data, with self-regulation proving inefficient at maintaining privacy. Further, we wrote that while hackers cannot obtain biometrics without significant challenges, that doesn’t mean stealing biometric factors is impossible. Worse, if biometric factors are stolen, you cannot replace them like passwords. 

Additionally, having one password for everything that can never be changed violates several precepts of modern identity and access management. 

Yet since the article, enterprises continue to struggle with or delay implementing biometric authentication. Instead, two-factor authentication has taken over as the identity security strategy for the majority of organizations. Why? Why does biometric security create a hurdle in business’ identity management strategies and implementation? 

We break down biometric security by the numbers. 

Why Isn’t Biometric Security Catching On? 

According to a 2018 survey by Veridium:

  • 63 percent of respondents whose organizations experienced a data breach plan on implementing or planning to implement biometric authentication to prevent another one.
  • 81 percent of IT decision-makers reported that they think biometric authentication secures the organization’s data better than passwords alone. 
  • 99 percent of IT decision-makers reported they currently use passwords. 
  • Only 34 percent of respondents expressed confidence that passwords alone can protect data sufficiently. 
  • 83 percent of respondents reported that their employees use techniques to “bypass” password policy.
  • 63 percent believe biometric authentication offers better security.         

According to a more recent study by VISA, surveying 1,000 Americans: 

  • More than 65 percent of consumers are already familiar with biometrics. 
  • 86 percent of consumers express interest in using biometrics to verify identity or to make payments. 
  • 70 percent of consumers believe that biometrics are easier and 46 percent think they are more secure than passwords or PINS.

Recurringly, biometric authentication surveys and studies focus on consumers and their cybersecurity perspectives. However, consumer behavior can frequently predict employee behavior. Moreover, consumer-facing enterprises should keep these findings in mind when making consumer identity and access management (CIAM) decisions. 

According to the Center for Identity at the University of Texas at Austin:     

  • 58 percent of those surveyed say they feel very comfortable with fingerprint scanning biometrics. 
  • Only about a third reported feeling very comfortable with any other biometric factors.
  • 92 percent say they feel “more” or “about the same” level of comfort using biometrics today as they felt two years ago. 
  • 43 percent cite privacy implications as the source of their concerns with biometrics.  

Learn More about Biometric Authentication

Our Biometric Authentication Buyer’s Guide contains critical information on the top solution providers and key capabilities in the market. Also, we provide a Bottom Line analysis on each vendor.     

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner