Democratizing Access to Biometric Authentication

Biometric Authentication

As part of Solutions Review’s Expert Insights Series— a collection of contributed articles written by industry experts in enterprise software categories— Dr. Mohamed Lazzouni of Aware sets out to spread awareness on the importance of increasing access to biometric authentication technology.

expert insight badgeA recent industry survey offered insights into current attitudes toward passwords among general consumers and small to mid-sized businesses (SMBs). The inherent weaknesses of passwords are well-acknowledged in the industry– they tend to be highly prone to theft and loss and, according to the respondents, are also difficult to remember and manage.

 

In fact, consumers’ level of contempt seems to have ratcheted up considerably, as evidenced by the survey findings, including:

  • More than half of respondents have given up on purchasing a product or service because they couldn’t remember their password.
  • More than half said that having to go through a password reset process has negatively impacted their mood and their entire day.
  • Nearly 50 percent of consumers say they would be more likely to sign up for a new product or service if it offered biometric authentication (fingerprint, face, voice, iris) versus passwords.

In this context, an authentication process delivering the optimal combination of security and low friction becomes a key competitive differentiator, and responses from SMB owners suggest this as a clear need:

  • Nearly one in three SMB owners routinely get feedback from both employees and customers indicating frustration with passwords.
  • Almost 95 percent of SMB owners (500 employees or less) view delivering an easy authentication experience as an important differentiator.
  • 57.8 percent of SMB owners are willing to allow both their employees and their customers to replace passwords with biometrics.

The problem for SMBs is that biometric authentication methods have traditionally required special hardware or equipment and advanced technical development, which is often costly and requires substantial manpower and time. This can create problems for SMBs with its two most critical user constituents– employees and customers.

For example:

  • Employees: Today’s employees are growing increasingly dissatisfied with any technology that they perceive as slowing them down or creating obstacles in doing their jobs. According to the most recent statistics, almost half of U.S. workers say they would be likely to leave their current job if they were unhappy or frustrated with the technology they have to use at work, and this naturally extends to authentication, which is the digital front door to most of the technologies employees rely on. If a given form of authentication consistently impacts employee productivity negatively instead of elevating it, chances are it will be repudiated. In recent years, remote work has really exposed the limits of outdated technologies like passwords, and employees’ tolerance levels are shrinking quickly.
  • Customers: The bar for consumers’ expectations for fast, reliable, feature-rich online experiences is high, and this is especially true in highly competitive sectors like financial services. Community banks, smaller credit unions and neobanks, for example, are constantly striving to deliver the same seamless user experiences as their larger counterparts. The growing need to interact with customers online in order to acquire and service them optimally is leading SMBs to compete through a superior user experience (UX) that includes modern authentication.

SMBs do not have to settle for the lower security assurances of passwords. They do not have to be more vulnerable targets to ransomware, CMS takeovers and fraud. Today, an estimated 43 percent of all cyberattacks are targeted at small businesses because they are often perceived as softer targets. Some might try multi-factor authentication to increase the strength of traditional passwords – for example, a code sent via email or text – but such methods often do little more than increase annoyance while still being relatively easy for hackers to subvert.

From the perspective of delivering both superior user convenience and security, biometric authentication is a much better alternative, and never forces an organization to prioritize one over the other. It is becoming critical to overcome barriers and bring biometric authentication within the reach of SMBs. What is it going to take to get there?

  • A more accessible, adept delivery model: To date, the biometrics industry has traditionally not been cloud-native, and this needs to change. Moving to a cloud or SaaS-based model can remove the cost and time requirements of implementing biometrics, by having the biometrics provider handle the obligatory due diligence.
  • Data security and privacy assurances: From the very beginning of the cloud computing era, security has been a source of concern. To this end, biometrics providers need to combine and leverage both biometric and non-biometric best practices to ensure the security and privacy of biometric data in the cloud, at every step in the process – for example, encryption of all data in transit, erasure of data at various intervals, no storage of personally identifiable information and more.
  • Given customers choice: SMBs should always provide a clear option for users to choose not to store their biometrics in the app and instead log in with a password or other form of authentication. It’s not likely this option will be popular, but it’s important to offer it as a foundation of trust.

As employees increasingly put their foot down on cumbersome, hard to use technology, and as customers demand only the most seamless and secure experiences, passwords are on borrowed time for all of us. Fortunately, new advances are now bringing biometric authentication to SMB’s cost effectively and with the promise that they no longer have to choose between security and low friction. They can have both.

Mohamed Lazzouni
Follow Him
Latest posts by Mohamed Lazzouni (see all)