How a year can change one’s perspective.
At the beginning of 2018, identity security experts around the world praised biometric authentication as the next gold standard in authentication processes for enterprises of all sizes. Even we here at Solutions Review hailed the end of traditional, password-based access management in one of our Best Practices articles.
After all, biometric authentication is designed to be more secure than passwords; the latter is notorious for being easily guessed, cracked, or purchased on the Dark Web due to the plethora of data breaches and credential repetition. Biometrics cannot be lost or stolen (theoretically), are distinct to each individual (theoretically), and are impossible to fake (theoretically).
Yet new research and exposure to the realities of enterprise authentication processes have changed the discourse surrounding biometric authentication. It has also simultaneously changed the 2019 predictions for biometrics.
With the new year so close at hand, and so many identity experts putting out their 2019 predictions, now is the time to examine where biometric authentication is going.
Here are our biometric authentication 2019 predictions:
Biometric Authentication Will See Increased Adoption
The relationship between consumer and enterprise authentication practices and policies is nebulous one at best. The consumer’s priorities and demands differ wildly from the employee’s or the administrator’s…even if they are the same person. However, there is no argument that exposure to an authentication technology in one sphere of life can influence the adoption of those same technologies in another.
Currently, only 32% of American adults favor biometrics over passwords. In contrast, 58% of American workers prefer passwords over biometrics in the workplace. According to Callsign, workers perceive passwords as more convenient than biometrics. At the same time, mobile device and endpoint manufacturers are increasing their incorporation biometric authentication into their products.
Apple mobile devices have long provided the option for both fingerprint and PIN number inputs into their authentication hardware. Newer models have been focusing on facial recognition with surprising success. As part of our 2019 predictions for biometric authentication, we predict this increase of biometric authentication options in consumer endpoints will contribute to a more positive perception of biometrics in the workplace. This, in turn, will lead to better adoption rates and perhaps better identity security overall.
Furthermore, we predict bring-your-own-devices culture will increase biometric adoption as well, as those same consumer devices become part of the enterprise network.
Biometric Authentication Independent Security Might Give Way
Recent studies from Michigan State University and New York University proved AI programs could synthesize human fingerprints in an academic setting. These faked biometric factors were authentic enough to fool authentication system approximately 20% of the time.
Philip Bontrager, a doctoral student with the research teams behind the experiments, noted: “Fingerprint-based authentication is still a strong way to protect a device or a system, but at this point, most systems don’t verify whether a fingerprint or other biometric is coming from a real person or a replica.”
The results of these experiments can be taken in many ways. They took place in academic environments, which do not always correspond to the realities of identity security. At times, academic hacking studies can overstate the relative dangers of a particular threat (this is not to degrade the vital work of academic studies, merely to point out a potential possibility).
On the other hand, these studies also highlight biometric authentication is not as impervious to hackers as security experts may hope. If it can be achieved by academics, it can certainly be achieved by hackers or by crimeware-as-a-service products on the Dark Web.
Therefore, we predict biometric authentication will and should remain a vital component of multifactor authentication protocols. However, our 2019 predictions are confident the dream of a passwordless future is still just a dream.