We’ve recently discussed the future of secure online logins and moving toward methods that eliminate passwords. One of the methods discussed was the use of biometrics. Let’s take a look at how biometrics work and the advantages and issues to be aware of when using them to secure your accounts.
Many of us are familiar with facial recognition on our smartphones and tablets. This is one method of biometric authentication. Fingerprints, iris or retinal scans, voice pattern recognition, and even your typing rhythm can be used to authenticate you. Biometrics are something you are, like your fingerprint, versus something you know, like a password or something you have, like an authentication app or hardware token.
Biometrics can’t easily be replicated or shared. The biometric information you use is encrypted, making it hard to steal. Sites and applications also use methods called liveness detection to make sure it’s you trying to login and not a picture, deepfake video, or copy of your fingerprint.
To enhance security even more, artificial intelligence (AI) is increasingly used alongside biometrics to help decipher between human and fraudulent login attempts. Applications used by Uber and JPMorgan are already using AI powered biometrics for login and fraud prevention.
Biometric information can be used as part of a multi-factor authentication scheme when passwords are used removing the need for SMS texts or an authentication app. You may have read news articles related to how SMS-text authentication has been compromised and the recommendation from security experts is to move to passkeys, passwordless logins or another form of secondary authentication. Biometric information may be one solution to more secure authentication.
While biometrics can offer freedom from passwords and the potential for greater account security, there are some things to consider.
Your biometric data (face, fingerprint voice) are permanent. If your biometric information is compromised, such as through a security breach, you can’t change it. Make sure you check how the company or application stores your biometric information and that it’s encrypted and not shared with third parties. Also check to make sure that the systems the applications use to authenticate through biometrics are designed to detect attempts to login in using photos, videos, or copies of you fingerprint.
While there are no federal regulations regarding the use and protection of biometrics. Several states have enacted regulations regarding their use.
For more information on the subject of biometrics and secure logins, check out these sites:
- What is Biometric Authentication and How It’s Changing Login – loginradius
- The Future of Authentication: Why AI And Biometrics Will Replace Passwords for Good – Forbes
- Beyond Passwords: The Future of Secure Logins with Biometrics, Possession Factors, and Magic Links – Cloud Goddess
- 11 Types of Biometric Authentication for More Secure Logins – miniorange
- How is biometric data stored? – NEC