How Effective are Biometrics as an Alternative to Passwords?
The rising tide of data breaches and the increase in sophisticated hacking attacks on sensitive information have raised demand for a stronger and more secure way of protecting assets than password-based security systems can provide. Because password-cracking techniques are increasing in complexity, there is a strong need to implement more sophisticated security methods, and many are discovering the advantages and efficiencies that biometric authentication offers. However, there are many ideas and theories on how biometrics can replace traditional authentication techniques to provide stronger reliability and security, and on how effective these systems will be in helping businesses and enterprises increase security, convenience, and realized cost savings.
Why do enterprises need stronger authentication methods?
Millions of people use passwords, personal identification numbers (PINs), and security tokens for logging into company databases that contain sensitive corporate and financial information, emails, and many other data applications. Because passwords are vulnerable, there are many hacking techniques for stealing these types of credentials, and the result can be devastating data security breaches. Passwords have become obsolete because they can be easily guessed, stolen, or illicitly acquired by covert observation. Stealing, sharing, or swapping passwords puts industries in danger, and the problem is getting worse each day. In fact, researchers at Verizon recently discovered that stolen passwords played a role in 48% of data breaches that involved hacking. These data breaches caused nearly 1 billion records to be compromised in 2014,
Affected organizations include most verticals such as banking and financial services, healthcare, law enforcement, and governments, and the financial impact of these incidents is enormous. Sponsored by IBM, the 2014 Cost of Data Breach Study: Global Analysis stated that the average cost of these incidents was $3.5 million in U.S. dollars, a 15% increase from 2013. The recent rise of data breaches has proven that authentication methods using passwords or PINs are highly vulnerable and have failed to evolve in parallel with the increased sophistication of data breach threats. Businesses and enterprises are looking for more sophisticated technologies to secure data and maintain network security, and biometric authentication methods, either replacing passwords or used as part of a two-factor authentication sign-in credential, are gaining popularity. Industry experts are also parsing biometric technology for use in different sectors as an effective way to replace traditional passwords. Tod Nielsen, vice president of the Platform group at Microsoft, recently said:
“Biometrics will provide an alternative to passwords in Windows to provide our customers with increased ease of use, a higher level of network security, and lower overall management costs”
The effectiveness of biometrics as an alternative to passwords
Biometrics are unique traits or behavioral characteristics that can be captured and used for individual identification through different biometric modalities such as fingerprint, finger vein, palm vein, iris, facial, or voice recognition. Using biometric identification for individual authentication is fast, and it can identify anyone within a matter of seconds. For many decades, this cutting-edge technology has been used in law enforcement and government agencies as a secure and accurate way of identifying people. As the technology has evolved, it has become more sophisticated and readily available to enterprises for use in different applications such as biometric single sign-on (SSO) to strengthen network security. Biometric single sign-on (SSO) is a biometric identification management system that allows end users to provide their biometric credentials in place of a password, token, or personal identification number (PIN) as a secure method of system or database access. Biometrics identify individuals by “who they are,” which eliminates the need to remember passwords. In addition, biometrics as an alternative to passwords can provide instant access to information wherever and whenever you need it, are unique for every individual, and prevent unauthorized access from others who may have the means to steal passwords. Here are some major benefits that biometrics offer to replace passwords in businesses:
- Accurate identity management
Because biometrics are unique characteristics for every individual (even identical twins!), they can identify anyone more quickly and accurately than any other current method. Using biometric SSO in businesses provides accurate and secure identity management, ensures the accurate identity of any employee before permitting access to sensitive data or applications, and reduces the risks associated with the loss of passwords and identity cards. By implementing a biometric SSO solution, a business can create concrete audit trails of who is accessing what information, which can help organizations more rapidly track any security incident.
- Increase efficiencies
By implementing biometric SSO, organizations can provide a more convenient and efficient way of password management and network security. Forgotten passwords, and the help desk calls to reset them, are a common scenario for organizations. According to an estimate by Gartner, 20% to 50% of all help desk calls are for password resets. A biometric single sign-on system provides a secure, biometric-backed method for password resets that does not require staff intervention, which reduces the time and resource constraints for IT departments. According to Forrester Research, the average cost of a single password reset by help desks is about $70; a biometric single sign-on solution can reduce these costs and save the organizational resources spent on password resets, because biometric systems do not require end users to remember passwords.
- Higher levels of security
For many years, biometric authentication has been considered to be the highest level of security authentication in areas such as law enforcement, the military, and the government using automated fingerprint identification system (AFIS) software. Lowering the price barriers of biometric software and hardware has opened the technology to a broader user base including both small and large businesses seeking to better protect corporate data.
- Reduce risks of data breaches and financial losses
Implementing a biometric SSO solution with convenient integration into Active Directory bolsters password management security and leaves IT departments in complete control, helping to alleviate the costs many organizations face from government regulations, fines, and penalties on data security each year. Data breaches are on the rise in industries like financial services, healthcare, and government, often resulting in serious financial loss, loss of confidence, and damage to brand reputation. In a survey of more than 3,900 companies worldwide by Kaspersky Lab, it was found that the cost of lost financial data ranged anywhere from $66,000 to $938,000 per organization, depending on the size. Adopting a biometric single sign-on solution can prevent such incidents and avert the financial losses resulting from data security breaches.
“Biometrics will soon replace passwords” is a common statement in the cyber security industry. Sooner or later biometrics will assume the role of an effective alternative to passwords. Biometric SSO is a cost-effective system that can secure password management and network access to prevent data security breaches and save enterprises millions of dollars every year in data breach costs. Implementing biometric authentication methods for enterprises brings efficiencies, stronger security, and a higher return on investment. Biometric SSO solutions can save the costs many organizations face from government regulations, fines, and penalties resulting from data security breaches each year.
Great article. Biometric SSO is certainly catching on but what about the issue, that unlike a certificate or password, your biometrics cannot be easily changed. If your fingerprint data scanned at a reader is stolen, you can’t request a new fingerprint. For this reason, biometrics must be complemented by another security factor for the highest level of protection.
Thank you for the comment Jason. The irrevocability of biometrics is certainly a point worth mentioning and an ongoing concern for the use of this technology. Although it certainly has been proven that fingerprint systems can be hacked by producing a falsified print, this is a very difficult process and can’t be performed without very sophisticated technology based on advancements in fingerprint technology anti-spoofing capabilities. In fact, spoofing a fingerprint reader can be much harder than guessing or brute-forcing a password or PIN code. Keep in mind also that spoofing a fingerprint doesn’t automatically suggest that the fingerprint can automatically be used to fool a biometric system – biometric scanner companies also tend to use different templates from one another, which aren’t compatible across different platforms. Therefore, your binary fingerprint is unlikely to be the same on an iPhone as it would be, say, on an Android device or a Ford car. If a hacker figures out how to capture your template data — for instance, using a popular technique called a “man-in-the-middle” cyber attack — he or she wouldn’t be able to use that data to hack into every account that uses your fingerprint to verify you. Compare that with the password, which can be, and often is, reused on multiple accounts — so a hacked Twitter password can quickly lead to a compromised Gmail, Facebook and bank account also.
Although biometrics aren’t perfect, they certainly offer a much more secure alternative to passwords or PINs.
Hey, Arifin!
It is an excellent article. Biometric SSO is an excellent technology for logging in to the websites of the same business. It reduces the fear of data being hacked. The technology is safe and highly secure.
Thank you for sharing the article.