Film producers have recognised for a long time – as have many in the security sector – that passwords are not cool. Imagine Bond typing and retyping a password to gain access to a villain’s lair – those extra few seconds taken might just have given Blofeld the time needed to achieve his plans for world domination!
In all seriousness, Hollywood is onto something. Passwords are low-tech. Not only do they lack glamour, but in a world where speed of use is everything, the very act of typing in a password is becoming a point of frustration. And that means users will come up with their own means of minimising that frustration – through simple passwords, reusing the same one across multiple sites & applications, and even sharing them with others to enable access to shared machines. That, of course renders them near to useless.
Now, some of these bad practices can be managed through stricter internal policies, forcing people to renew passwords, or to use more complex ones, but this doesn’t tackle the fundamental issue. It simply forces users to jump through the hoops they wanted to avoid.
Biometrics are now offering a solution, and one that’s finally mainstream: High street banks incorporate them on the customers’ mobile apps, UK passport control uses iris scanners in its ePassport gates, and Apple has recently launched FaceID, enabling you to unlock your phone simply by looking at it.
Finally, there’s momentum behind a move to a passwordless world, and that’s a good thing for users, for admins, who won’t need to enforce complex passwords and waste time resetting “forgotten” ones, and for data subjects, whose information will be more secure as a result. In fact, I suspect the only people mourning the demise of the password will be those criminals who relied on its intrinsic weaknesses to do no good.
Biometrics as MFA – what’s so great about it?
Traditionally, MFA has been based around a two-part key: making use of “something you own” and “something you know” makes it exponentially more difficult for an unauthorised user to gain access to your information. Biometrics takes this a level further, replacing “something you know” with “Something you ARE” and that creates an incredibly quick and easy authentication for your users while bolstering security.
Where will this lead us?
I may be biased, but the potential applications for biometrics-enabled MFA are vast. With fingerprint recognition well established on smartphones, and facial recognition doubtlessly following suit, it will become the de facto means for consumers to login. And where technology is concerned, where consumers lead, business soon follows. With SecurAccess we already enable your users to access all their key business applications through biometrics. Meanwhile, we’re seeing automotive companies like BMW start to embrace the technology. When big brands like BMW get involved, you can be sure there’s a long-term future for biometric security.