The integration of biometrics is a welcome addition to expand on the various functionalities and security features. They act as a bastion of defence to the unknown and murky waters, where security breaches await just a click away from login forms and homepages.
We explored the transition of online security measures, and how passwords are slowly but surely making way for biometric measures in a previous post, and we continue that exploration in this post.
How secure is 2FA really?
Two-factor authentication (2FA) processes are seen as an industry standard by many to log in to their bank accounts, adding a peace of mind to bank security. But just how bad is the situation regarding 4-digit pins that warrants us to seriously think about how protected we think we might be? An in-depth blog post examines the frequency of combinations through a series of 3.4 million passwords, the most popular being “1234” makes up for a staggering 11%. Interestingly, ranked in number 22 is “2580” for phone banking pins – the same numbers which run right down the middle of the keypad of a physical phone.
Looking at these statistics, for a large number of users, labelling the first-factor of their security as secure 2FA-protection could be a stretch. How users and companies view convenience has to be tampered with a mix of accessibility and caution. With the average person in the UK having to contend with 19 passwords, it becomes hard to fault taking the easy way out.
Considering that forgotten passwords cost companies a great deal, the jump to biometric security will be a welcome change that could prove more efficient and effective in the future.
As Steve Jobs said, “You have to start with the customer experience and work backwards to the technology.” A tech design principle that we are used to adopting for our interactions with technology, so even though there have been different types of biometric security that have been explored, their degree of implementation hinges on the same principle.
Most mobile devices will have three different biometric security features as standard features, with facial recognition, voice recognition and fingerprint identification, companies seem to be spoiled for choice in the different layers and options at their disposal. The faith in biometrics is strong enough to have made Citi bundle all their services in a comprehensive package, utilising all three mobile biometric security features on the mobile phone for access.
Biometrics – passwords for the future?
However, many do have their reservations when it comes to biometric security. For the longest time, industry experts have looked at mobile devices as the “last mile” to enterprise security. When it comes to biometrics, hackers have gotten savvy, utilising social engineering as their gateway for their hacks. Even seemingly simple day-to-day interactions, such as answering a phone call resulting in the the hacker having what they need with the “can you hear me” phone scam exposes flaws and additional checklists that need to be in place before biometric security can be rolled out and used safely en masse.
There is also the issue of privacy intrusions with voice recognition as a biometric security measure that can make others think twice between being less secure, or being monitored all the time.
As much as biometric security looks to be the future, there are some who believe that solely relying on biometrics for authentication results in an effectiveness “below one”.
We have to accept the fact that hackers, organisations, and companies who we do not want access to our devices and information have more means now than ever to do so. The issue of cyber security cannot be looked upon with a silver bullet in the form of a single solution in biometrics, but in the smart implementation of biometric security as part of a better two-factor authentication process and beyond.
Find out how GTRIIP can offer you a biometric security solution with a comprehensive two-factor authentication that uses two unique biometric modalities from your users, for safe and secure keyless, and document-less check-ins.