Biometrics: the New Frontier in Security, but Why Aren’t We There Yet?

Written by

Biometrics is often considered to be the cutting-edge technology that the security industry needs to adopt to help drive innovation in the digital age. In a world where things are evolving quicker than ever, cybersecurity often finds itself in a constant battle to keep up with the pace of change, with many believing biometrics to be the answer we are looking for.

In the last few months alone we have seen big high-street names try their hand at introducing biometric services like voice recognition and fingerprint scanning to strengthen their security strategies, with firms like Barclays a prime example.

What’s clear is that biometrics is now at the forefront of people’s minds. With many in the industry believing passwords alone are simply not enough and more individual, two-factor authentication now a must, the obvious next step would be to start using this technology in the mainstream.

However, despite its obvious potential and impressive possibilities, biometrics still seems to be some way away from being used across all authentication processes. What’s more, recent research has shown that people are still very much on the fence about adopting biometrics, with a significant number of the public lacking trust in it.

Keen to know more, I had the opportunity to sit down with David Baker, chief security officer at Okta, and delve into the topic a little further, picking his brains on where he sees the technology going.

Baker explained that biometrics has been the goal for security since 2002, as it taps into the ‘best’ part of three security factors:

What I know (username, password)
What I have (device, cell phone, computer)
What I am (biometrics)

“Biometrics are very, very individual; thumbprint, iris, etc., the problem is that the technology needed to be able to understand something like an iris scan or a gesture is still very difficult.”

The use of thumbprint scanning for two-factor validation has become very mainstream so we are on the way there, he added, but the interesting thing about biometrics is that they can actually be interfered with by outside influences such as body temperature. 

“I could go work out, and then use my cell phone as a biometric and it doesn’t work. It’s probably about a one in ten failure.”

So, the real challenge lies in how to get something that is reliable and works every time, because if somebody needs to log into a critical system and it’s failing, that will cause difficulties. Further, how you go about getting things like iris scanning and voice recognition to work in busy, public environments is another hurdle that needs to be overcome before we see biometrics truly take over.

“But we’re proactively working on it, and yes, [eventually] it will replace username and passwords,” Baker said. 

What’s hot on Infosecurity Magazine?