Biometric technologies such as fingerprint and facial recognition have been heralded for years as a replacement for passwords. While this may be true in the distant future, there are a few challenges that have yet to be solved before biometrics can fully replace passwords:
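- Biometrics can’t encrypt data – biometrics is an effective gatekeeper to grant or deny access to data, but it can’t be used to encrypt data. Encryption needs a key that is reproduced exactly every time, while a biometric scan is only matched approximately against an enrolled template. This is why even the latest phones still require passwords at setup and upon reboot.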
- Passwords can be updated – hackers have demonstrated that facial recognition can be tricked, and digital fingerprints and iris scans can be stolen. Unlike passwords, these biometric identifiers cannot be changed, making passwords and passcodes critical to how we protect and access information.
- Passwords don’t tie you to a device – using a password to log into an online account works everywhere and on any device. Biometrics cannot do the same because they are tied to a particular device. This is why apps that people frequently access from multiple devices (e.g. Netflix) always require passwords.
- Biometrics present bias obstacles – there are serious concerns regarding whether or not some ethnicities may be disenfranchised due to facial recognition flaws. Until these concerns are adequately addressed, passwords will remain the most feasible option for identity and access management.
- High-risk environments still require multifactor authentication – cybercriminals make a living stealing information and are becoming more sophisticated at it. More complex threat landscapes mean an increased need for multifactor authentication. In the highest-security environments, individuals must authenticate their identity multiple times per day via multiple factors.
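
The first point in the list above, that a biometric can gate access but cannot serve as an encryption key, can be seen in a simplified model. This is an added example, not code from the original article; the 256-bit templates, the 10% match threshold and the use of PBKDF2 are assumptions chosen for illustration and do not describe any particular phone or sensor.

```python
import hashlib
import hmac

SALT = bytes(16)         # constructed fixed salt so the example is reproducible
MATCH_THRESHOLD = 0.10   # assumed: accept a scan if <= 10% of template bits differ

def derive_key(secret: bytes) -> bytes:
    """Derive a 256-bit key; the output is only stable if the input is bit-exact."""
    return hashlib.pbkdf2_hmac("sha256", secret, SALT, 100_000)

def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bits that differ between two equal-length templates."""
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))

def biometric_match(enrolled: bytes, scan: bytes) -> bool:
    """Gatekeeper decision: approximate comparison against the enrolled template."""
    return hamming_fraction(enrolled, scan) <= MATCH_THRESHOLD

def flip_bits(template: bytes, positions) -> bytes:
    """Simulate sensor noise (or a different person) by flipping chosen bits."""
    out = bytearray(template)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

# Constructed sample data: a stand-in for an enrolled template, a noisy
# re-scan of the same user (5 of 256 bits differ), and a different person
# (128 of 256 bits differ).
ENROLLED = hashlib.sha256(b"constructed enrolled template").digest()
RESCAN = flip_bits(ENROLLED, [3, 40, 97, 150, 201])
IMPOSTOR = flip_bits(ENROLLED, range(0, 256, 2))

def demo() -> dict:
    same = hmac.compare_digest
    passcode = b"constructed passcode"
    return {
        # The matcher tolerates noise, so it works as an allow/deny gate.
        "rescan_matches": biometric_match(ENROLLED, RESCAN),
        "impostor_matches": biometric_match(ENROLLED, IMPOSTOR),
        # The same noise yields a different key, so data encrypted under the
        # enrolled template's key could not be decrypted from the re-scan.
        "rescan_same_key": same(derive_key(ENROLLED), derive_key(RESCAN)),
        # A passcode is reproduced exactly, so it always yields the same key.
        "passcode_same_key": same(derive_key(passcode), derive_key(passcode)),
    }

if __name__ == "__main__":
    print(demo())
```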