Customers of bunq, an innovative European challenger bank, can use biometrics instead of passwords to access their accounts. In this blog, bunq discusses some common problems with passwords and why the bank partnered with Veridium to favor biometrics for customer authentication and onboarding.
Passwords aren’t known for providing positive user experiences. With requirements around character count, upper case letters, numbers and special characters, they can be cumbersome to create. On top of that, passwords have to be remembered. This is even more of a hassle since so much of what is used in people’s personal and professional lives is protected with a password. We have to remember the passwords for our bank and email accounts, social media profiles as well as work applications like Salesforce, Microsoft Office and many others.
Passwords also have a security problem. Attackers use them to infiltrate targets. Common ways of obtaining passwords include stealing them in phishing attacks and purchasing ones exposed in data breaches. Of the 41,686 security incidents covered in the 2019 Verizon Data Breach Incident report, 32 percent involved phishing and 29 percent involved stolen credentials.
Additionally, people tend to use the same password for different accounts, which proves problematic when credentials are exposed in a data breach. Using well-known phrases for passwords is also a common issue, making them easy for attackers to guess.
Despite these issues, passwords have been the main way we authenticate since the 1960s. But that’s changing. Organizations are starting to look beyond the password for authentication. Passwordless authentication, which lets people authenticate using their biometrics and a smartphone, is now an option. Since there’s nothing for people to type in or remember or for attackers to steal, this method offers convenience and security.
Already the main way to unlock smartphones and access mobile apps, this method is now being used by enterprises for consumer, employee and transaction authentication. One such business is bunq. People are accustomed to using passwords for authentication, so switching to biometrics is an adjustment for some. A common question people ask is why biometrics are more secure than passwords. Let’s explore that question and look at why the future of authentication could be passwordless.
Using a biometric for authentication is very different from using a password
To use a stolen password, an attacker just has to type it in. Using a stolen biometric isn’t as easy. First, the biometric has to be ‘spoofed.’ For example, pulling off an attack using stolen fingerprints requires making molds that contain high-quality reproductions of a person’s fingerprints.
However, creating a high-quality reproduction isn’t enough to deceive biometric sensors. Passwordless authentication technologies have liveness detection measures that ensure a person and not a fingerprint mold, 3D mask or other spoofed biometric is authenticating.
Some passwordless authentication platforms also incorporate behavioral biometrics into authentication.
Behavioral biometrics, an emerging and incredibly promising form of security, covers how people interact with their smartphones. This includes subtle factors such as the pressure that people use to press on the screen and how they hold their phones. Everyone interacts with their phone differently, making behavioral biometrics hard to replicate. These behavioral differences are factored into the authentication process and make sure that the user is legitimate.
For bunq, several types of biometrics are used for the onboarding and authentication processes. Perhaps the one that is best known is the hand scan feature, which was implemented with the help of Veridium. Using a smartphone, people simply scan their hand with the camera and it authenticates them instantly. This method adds an extra layer of security and simplicity to the platform. Check out the video below to see the hand scan feature in action!
Is the future of authentication passwordless?
Using passwordless authentication with biometrics puts bunq in good company. Microsoft is phasing out password authentication for employees and letting them use biometrics instead. The technology giant expects other companies to follow suit in six years. To help with the transition, Windows 10 will let people authenticate with a biometric rather than a password.
Meanwhile, research firm Gartner predicts that by 2022, “60 percent of large and global enterprises, and 90 percent of midsize enterprises, will implement passwordless methods in more than 50 percent of use cases — up from 5% in 2018.”
Law enforcement agencies are also encouraging the use of biometrics over passwords. In September, the FBI warned organizations that attackers have grown more skilled at intercepting one-time passwords used in two-factor authentication. Instead of one-time passwords, the FBI recommended using either biometrics or behavioral information in two-factor authentication.
Moving away from passwords requires people to rethink authentication. But given the security and convenience benefits biometrics offer, passwordless authentication’s use is poised to grow. bunq’s pledge is to make life easy while providing the most secure banking experience possible. Biometrics will continue to play a key role in delivering that security.