Biometrics are generally seen as a better way of authenticating user than passwords. That’s not hard, given how badly passwords are misused. However, a recent survey by Nomidio shows that biometrics are still not universally accepted by users. More importantly, there is a significant trust issue that security companies need to address in how they handle biometric data.
Philip Black, Commercial Director at Nomidio, said of the research: “Biometric authentication is still emerging, and if we want consumers and employees to make the step-up, we must deliver solutions that provide a ‘Netflix style’ user experience. If I can’t log-in because my biometric ID is tied to my phone and it’s lost, stolen or out of battery, I might just stick with a password.”
Biometrics still struggling for traction
Mobile phones have been introducing the option for biometric security for some time. Fingerprints and facial recognition options have been growing as newer phones appear. Even banks have gotten in on the act with HSBC introducing it to customers back in 2016. At the time, it used the slogan “my voice is my password.”
As such, it would be reasonable to think that the majority of people surveyed had encountered and use biometrics regularly. But what do we learn from the survey?
- Fingerprints: This is the most commonly used biometric. 58% say they have used it, but only 34% use it regularly. Surprisingly, 40% have heard of but never used fingerprint-based security.
- Face Recognition: This is the second most commonly used recognition. Apple, Microsoft, Samsung, Huawei and others have added it to operating systems for phones and computers. Just 34% have tried it, and only 16% admit to using it regularly.
- Voice Recognition: Computer and mobile device manufacturers all have voice recognition, but not all use it for security. HSBC has not provided any details on how widely customers have taken to the technology. In the survey, 31% say they have used it, but only 6% use it regularly.
- Eye Scan: Think James Bond in Thunderball, and that is most people’s first encounter with the use of eye scanning technology. Unsurprisingly, just 19% of people have tried it in different environment with just 4% using it regularly. There is no real detail on where they use it, but this is likely to be in high-security environments.
Overall, only 6% use any form of biometric regularly. It’s a ridiculously low number given how long there have been options to make better use of them.
What are the inhibitors?
Trust and technology. No surprise there. As Black says, the technology needs to be seamless, and today, despite the advances in devices, it is not. More importantly, however, there is a trust gap here and one that is going to be hard to close. The reason for this is the way companies often treat passwords and personal data.
Technology: The survey asked if downloading and installing an app every time a company wanted you to authenticate to it would deter people from using the technology. This caveat is important. It ignored the potential for a biometric wallet in the operating system or something that could be shared across apps. The result was that 72% said it be an inhibitor with 40% saying a significant issue.
Trust: Respondents have limited trust in vendors to keep biometrics safe. Misuse (35%), re-selling (33%) and theft of biometrics (32%) were all a major concern. Despite this, 35% said they had no concerns over biometrics at all.
Enterprise Times: What does this mean?
Reuse of passwords and poor password security is a problem across the board. The use of multi-factor authentication to harden security is on the rise. One of the routes through which security can be improved is the use of biometrics. However, as this survey shows, there are trust and technology issues to overcome, and they won’t be easy.
That said, some highlights in this survey show that the issues can be resolved. For example, 57% agreed that biometrics are faster, 53% more secure and 54% easier to use for authentication, than passwords. It’s a start, but those numbers need to be qualified based on the number who regularly use biometrics today.
Are we moving to a place where we can deploy more secure solutions? Possibly but the user experience needs to improve substantially to improve adoption.