When it comes to online security, we trust far more than we should. We trust our coworkers and friends with our login information. We trust organizations to handle our information responsibly. We trust our passwords to protect us from hackers. Nowadays, some of us even trust biometric authentication to guard most of our information.
But are biometrics truly more secure than the passwords of yore? Various instances of spoofing have called that into question. Plus, if we can’t get a handle on our data now, it’s not clear why we should trust a fingerprint to do it better for us.
Here’s the thing: We shouldn’t eliminate the idea of trust. We changing our mindset about security. And the first thing to change is passwords.
The problems with passwords are extensive and well-documented. Passwords get lost or stolen. People share passwords. Worst of all, people will use the same password for more than one account.
The connection between these issues highlights a clear problem: Passwords can get you into an account, but they can’t prove that you’re the one logging in. Passwords can’t authenticate your identity. All they do is show that you know the password.
You’re the Solution
Your fingerprint, voice, and face belong to you, and only you. This means that when you log in using biometrics, you’re authenticating your identity at the same time. You’re the only one with your particular biometric identifier, so nobody else can log in as you with biometric authentication.
That’s true in theory. In practice, biometrics have their own pitfalls. Facial recognition remains imperfect due to the fact that faces change and the world is full of doppelgangers. Voice recognition is rife with issues as well. Voices change, and voice authentication is vulnerable to external variables that obscure the user’s voice. Not even fingerprints (which are truly unique) are perfect forms of authentication.
Biometric authentication only reaches its full potential when users choose unique biometric identifiers and can accurately capture it each time. Users choose face and voice recognition because they’re convenient– not because they’re the most effective means of authenticating.
Neither one of those features’ uniqueness can be reliably captured by the technology that’s currently available. Fingerprints, on the other hand, are unique and can be reliably captured, but some technology companies only require a partial print. In other words, the problems with biometrics have less to do with biometrics themselves than they have to do with how carefully we implement them. Responsible implementation lets us maximize the effectiveness of biometrics.
Handle (Your Security) With Care
This information shouldn’t suggest that biometrics are more secure than passwords. It should confirm it.
We can’t trust passwords, but our online ecosystem won’t function at all if trust is absent. Capitalizing on the Internet’s offerings means creating accounts, accessing knowledge, and interacting with different people.
That requires trust, and biometrics offer a place to put that trust. Biometrics offer an elegant, secure solution that we can count on. All the information you need is already in (your) hand.