In light of all the high-profile hacks – many of them involving personal login information and user passwords – companies are starting to focus their attention on advanced security. Since passwords can be hacked, sometimes easily, they need to find a new way to authenticate and identify users.
In 2014 alone, companies such as eBay, Evernote, Feedly, Domino’s Pizza, PF Chang’s and many more were breached by hackers who gained access to personal information and leaked the data. That’s not including high-profile hacks of companies like PlayStation Network, Sony, Target, Ashley Madison and many others.
Passwords are, for all intents and purposes, no longer a safe form of security. We need to find another way to identify users and provide system or administrative access.
That’s where biometric technology comes into play. Through the use of devices like fingerprint scanners, iris and facial recognition scanners, and even voice identification modules, users can be authenticated without being asked to enter a personal code or password. In fact, this technology has become so efficient that it’s now being used in smartphones and personal computing devices.
Is the technology really that much safer, though? Is it possible that passwords are still a more secure form of authentication?
Passwords or Biometric Locks?
So far, we’ve established that passwords aren’t exactly secure and that a wide range of companies have been breached and had such information leaked by hackers. What we haven’t discussed is why the traditional form of authentication – one that’s been in use for decades – is no longer considered the best way to identify and provide users access.
It all has to do with the problems associated with passwords.
One of the biggest flaws when it comes to passwords is that they must be stored – and referenced – somewhere. We’re not talking about the fact that the user might write their password down, record it on their smartphone or take another similar measure. The actual authentication system needs to reference the password to ensure the user is inputting the correct code. As we’ve seen with quite a few hacks, unscrupulous individuals are able to access databases which store such passwords and acquire the information. In a case like this, it is the negligence of the company in question that is responsible for the breach, as such information should always be encrypted and secured as much as possible.
Another flaw with passwords is that sometimes the users are at risk for exposing themselves. Hackers can install keyloggers, trojans or set up phishing pages that extract this information from them directly.
Once someone has the necessary login data for an account – including a password and username – they have absolute freedom.
Biometric locks, on the other hand, simply require physical authentication from the actual user like an iris or fingerprint pattern, voice pattern or something similar. These measures are not exactly easy to fake or replicate and it requires expensive equipment to do so.
Of course, there’s still the matter of whether or not these electronic devices can be hacked and manipulated. They can, and eventually, they will be.
More importantly, biometric identifiers are not governed by the same legal protections as a password, which constitutes as knowledge. In other words, you can be legally forced to offer a biometric identifier at some point.
So when it all boils down, biometric technology may be more secure in certain instances when compared to passwords, but at the same time, there are other areas where itis less secure. It’s just a matter of time before this technology is adopted by 650 million people or more.
Photo credit: Hebi B / Jeff Juit / Tanaka Who
