CybersecurityBiometric security could do away with passwords

With hackers and cyber thieves running rampant online, efforts to create stronger online identity protection are leading major tech firms to invest in biometric security methods.

As Business Insider reports, firms are incorporating biometrics — the recognition of a user through fingerprint, iris, voice, or facial scans — to stay ahead in a competitive industry.

“I would love to kill the password dead as a primary security method because it’s terrible,” said White House cybersecurity coordinator Michael Daniel to a security tech forum last year.

Daniel’s statement foreshadowed larger industry moves, first and foremost with Apple’s successful introduction of Touch ID in its latest lines of iPhones. This move on the part of such a large company has led to a growing conversation about biometrics, and has spurred others to follow.

Samsung has now introduced its own fingerprint scanner, and Qualcomm recently unveiled its 3D fingerprint technology, which is now being built into the chips of many of its devices.

In tens of millions of cases, passwords have been stolen in breaches of major retailers, including companies such as Target, Home Depot, and JP Morgan Chase. It is one of the principal elements of identity theft.

“Biometrics are likely to be a major part of any new identity verification effort,” said Ramesh Kesanupalli, the vice president of Fast Identity Online Alliance (FIDO). “If you don’t eliminate dependency on the password you’re not solving the problem, you are only treating the symptom.” FIDO includes 170 members including manufacturers of hardware and software.

Many industry experts also share that outlook.

“Moving the world away from passwords is an enormous task, and FIDO will succeed where others have failed,” said Microsoft program manager Dustin Ingalls.

International Data Corp predicts that 15 percent of mobile devices will be accessed with biometrics in 2015, and the number will grow to 50 percent by 2020.

Some worry, though, that instead of fixing security problems, biometrics will only create a new universe of risks.

“If you have a credit card that gets compromise you can get a new credit card, but what do you do if your iris or your fingerprints get compromised?” said Sascha Meinrath, head of the New America Foundation’s X-Lab, which studies new technologies. “This presents an entire new realm of security problems,” he said.

Meinrath said that there have already been successful efforts to fake people’s fingerprints, and that the security that biometrics could provide could also be compromised.

At the least, biometrics will serve as an important weapon in the fight against cyber terrorism, especially at a time when major companies have suffered large losses from data theft.

“We don’t know what the technology will be,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies in Washington. “Consumers will decide what they like, and we will then see if the bad guys can figure out how to crack it,” he said.