Biometrics gaining ground as a password alternative

Malware capture user passwords by harvesting digital data, increasingly making passwords redundant

Organisations and services increasingly moving towards multi-factor authentication including federated ID and biometrics, whille malware designed to capture user passwords by harvesting digital data is increasingly making passwords redundant, say several recent research reports.

Password stealing ware (PSW), a malicious software used by cyber-criminals, grabs data directly from users’ web browsers using various methods, according to information shared by Kaspersky Labs. This gives them access to sensitive information including saved passwords, autofill data and saved payment card details.

"Given the importance of authentication in online transactions, and the key role played by passwords, this is data that cyber-criminals have been interested in since the advent of online transactions," Kaspersky principal security researcher David Emm told SC Media UK.

The annual security research report by Duo Security found that its users are slowly migrating to mobile biometric sensors, such as Apple Touch ID and Face ID, Android fingerprint sensors and Windows Hello.

"The use of biometrics has risen consistently over a four-year stretch, heralding that people are relying less on passwords and the passwordless future may be closer than you think. Biometrics usage will continue to increase as more device manufacturers support them, which is a giant leap toward a passwordless future," said the 2019 Trusted Access Report by Duo.

Replacing password as the method of authentication is a major step to counter identity fraud, adds David Orme, SVP at IDEX Biometrics Asa. 

"By adding fingerprint biometric authentication as a layer of security we can ensure the right person is accessing the right device, building or system. While it’s quite normal to forget a password, you can’t forget your fingerprint," he said.

According to recent research by IDEX, 53 per cent of cardholders would trust the use of their fingerprint to authenticate payments more than their PIN. The biggest attraction of biometrics is that it makes the task of authenticating almost frictionless, said Emm. 

The growth is most evident in North America. Tthe biometrics market there is set to reach £8.8 billion by 2023, with changing consumer demands and the emergence of the internet of things (IoT) fuelling this rapid growth, according to a research report by Frost & Sullivan. The firm says that the market is currently valued at £3.7 billion, meaning a staggering annual growth rate of 19.3 percent.

"This predicted growth rate is entirely understandable," said Jason Tooley, chief revenue officer at Veridium. The cost and security compromise associated with traditional passwords for both business employees and customer transactions also makes biometrics a preferred choice.

"I would not be surprised to see the market growth surpass £10 billion by 2023," he added. 

While there is a clear move towards replacing passwords with biometrics in online transactions, the method is not free of pitfalls, warned Emm. 

"If a password is compromised, it can be changed. But with fingerprint recognition, there’s no easy way to mitigate ongoing risk of ID theft. For this reason, biometrics should be used in place of usernames, as a way of identifying someone, with a password confirming someone’s access to a resource.  In any event, the use of multi-factor authentication is very important," he points out.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews