Biometric
What is biometric authentication?
Every now and then, the world pivots. Something happens that
changes the way we do everyday things.
2020 is the pivot toward the everyday use
of biometric authentication.
Biometric authentication is better
than passwords, 2FA, and non-FIDO MFA
Biometrics replace passwords as an easier, safer way to authenticate.
Biometric authentication measures (the metric) a user’s biology (a
thumbprint, for example) against a stored version of that metric. If a
match is made, authorization is granted instantly. Because
biology-based proof is more secure than any other authentication
technology we’ve seen, and because of its speed, accuracy, and
accessibility, biometric authentication is becoming commonplace.
Biometric scanners can be used to secure physical entry points.
Governments around the world already use fingerprint and retina
scanners at airport gates and national borders. Private companies
protect sensitive information with restricted biomarker floor and room
access. But what has driven widespread acceptance of biometric
technology has been its integration into smartphones, tablets, and
laptops—any digital device with a user interface (UI).
Biology-based authentication is catching on because it’s sleek,
efficient, and secure, and the barriers around it have disappeared.
Biometric readers grant access in one single step without memory work
(passwords) or retrieval (2FA/MFA).
And that sounds good to security companies, eCommerce sites,
corporations, and to the average Joe.
Biometric authentication technology is utilized in 62 percent of
companies, and an additional 24 percent plan to utilize it within two
years. In fact, 46 percent of organizations are using biometric
authentication tech on smartphones, which may be influenced by
employees bringing their own mobile devices for work purposes.
Additionally, 25 percent of organizations report using biometric
authentication tech on laptops, while 22 percent use it on tablets,
and 17 percent use it on time clock systems (popular in manufacturing)
to verify the identity of employees.
—Spiceworks
Military-grade high-tech biometric access is now mainstream, but most
people don’t know that yet. And because the marketing fire that’s
about to disrupt the authentication industry hasn’t ignited full
scale, users are fumbling around with passwords.
Not all 2-Factor and Multi-Factor
Authentication is created equal
Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA)
were created to address the weakness of passwords. A second protective
layer of security makes it more difficult for a threat actor to steal
your login info. Easy-to-steal passwords become less easy to steal.
But 2FA has its own shortcomings, depending on what that second factor
approach is.
It goes without saying that 2FA adds another step for the user. But
that wouldn’t be a big deal if it really did provide more security.
But let’s take a look at SMS OTP (one-time-password). That’s when a
code is sent to your smartphone that you enter at the login screen of
the website you are trying to access. The code verifies that the
person making the transaction is in fact the owner. In theory, it
makes sense. In practice, a malicious app can intercept that code,
giving threat actors an opportunity to sneak in. And what if you don’t
want to enter that 6-digit code to verify that you really are who you
say you are? On the surface, entering a 6-digit code isn’t much better
than entering an 8-digit password.
But 2FA may be here for a while due to compliance mandates. Regulatory
bodies bought into 2FA, so companies will head that way in the short
term to satisfy regulatory compliance minimums.
Enter the FIDO Alliance and LoginID
“The FIDO Alliance is working to change the nature of authentication
with open standards that are more secure than passwords and SMS OTPs,
simpler for consumers to use, and easier for service providers to
deploy and manage.”
— FIDO Alliance
FIDO explains the password problem like this:
Passwords are the root cause of over 80% of data breaches
Users have more than 90 online accounts
Up to 51% of passwords are reused
1/3 of online purchases abandoned due to forgotten passwords
$70: average help desk labor cost for a single password reset
All that sounds very unsafe and expensive, doesn’t it?
That’s why FIDO has worked very hard to replace password-only logins
with secure and fast login experiences across websites and apps that
will:
Mitigate data breach risks and damages
Deploy FIDO-enabled services (like LoginID) to a rapidly growing
addressable market
Design a low-friction user experience that will create more site
visitors, brand affinity, and employee productivity
Provide huge cost savings through avoidance of password resets,
device provisioning, customer support
Some of the biggest corporations depend on it (Bank of America,
Dropbox, eBay, Google, PayPal, Target, and Amazon to name a few). And
though it works with 2FA and MFA to make these forms of authentication
stronger against phishing and other common attacks, it works most
effortlessly with passwordless biometric authentication.
What are the benefits of biometric authentication in 2020?
It’s hard to fake a biological trait. Like, next to impossible.
In contrast to passwords, badges, or documents, biometric data cannot
be forgotten, exchanged, stolen, or forged. According to calculations
made by Sir Francis Galton (Darwin's cousin), the probability of
finding two similar fingerprints is one in 64 billion even with
identical twins (homozygotes).
—ThalesGroup
That’s why biology makes sense as a secure way to prove identity. And
yet, it took a long time to get here as a readily-used alternative to
passwords. There were tech hurdles to overcome before biological
traits could be introduced to the world as a better option than
memorized key clicks.
Now that the technology is precise, biometric authentication is
grabbing hold at a ferocious pace. There are a few reasons for that,
but user experience is the top driver for adoption.
It’s convenient. Your biology is always with you. You don’t
have to remember a string of characters, and you don’t have to
store that easy-to-hack yet hard-to-remember combination in a
password vault (which comes with its own set of security risks and
access inconveniences). Biometric authentication takes the burden
off the user.
It’s easy to install.
A common misconception is that biometric authentication will
require a multi-stage, capital-intensive installation, and
probably a team of expensive programmers. Maybe even an entirely
different platform built on top of current company software and
servers. But, with our help, ease-of-installation can be one of
the many bonuses of biometric authentication. LoginID offers
open-source code that makes authentication using biomarkers a
programmer’s dream to integrate. To make things easy, LoginID
offers strong biometric authentication to the masses. We developed
LoginID’s API as a one-click grab-and-go. There are no barriers to
implementation. And everyone can access strong authentication
technology—which makes the world a safer place, one secure
biometric login at a time.
It’s affordable.
Protecting against dark web activities (identity
theft, account takeover fraud, and enterprise data breaches) costs
millions of dollars. That makes investing in a rock-solid biometric
authentication system that stops threat actors from stealing
confidential information a smart option. The good news is that
biometric-based technology can now be cost-effective - even cheap
compared to compliance penalties and after-the-fact emergency
maneuvers. LoginID provides a flexible cost model. The first tier
is free. Payment scales as users scale, a model that works well
for eCommerce enterprises because less friction at the cart means
more success at the cart. And more success at the cart means more
profit. And with rising revenue comes the ability to pay at scale
for the biometric technology that reduces friction in the first
place.
Faced with document fraud and identity theft, new threats such
as terrorism or cybercrime, and the changes in international
regulations, new technological solutions are gradually being
implemented. One of these technologies, biometrics, has quickly
established itself as the most pertinent means of identifying
and authenticating individuals in a reliable and fast way,
through the use of unique biological characteristics.
—ThalesGroup
It’s safer.
The biggest benefit to biometrics is security. It’s the most
unbreakable authentication technology that exists today. Passwords
can be stolen and cracked—80% of data breaches
leveraged weak or phished passwords. But biometrics removes the
“stealable” component. No credentials are entered. No server-side
secrets are saved. The verification pathway can’t be intercepted
because, with biometric authentication, the stored mirror-image of
your biomarker stays right there on your device.
It’s a better experience.
User experience tops the charts in 2020.
It’s no longer good enough just to make things secure. Logging in
has to provide a great experience, too. This is true with the job
market, inbound marketing, website design, and the authentication
industry. If developers want to streamline usability,
frictionless carts win the day. And what makes those carts
frictionless is that the buyer can click the buy button, scan a
biomarker, and complete the transaction without pause. Studies
show that when a buyer pauses at the password stage (because they
can’t remember their password), that causes cart abandonment. Cart
abandonment costs the eCommerce industry $18 billion a year.
The buyer ends up frustrated and the seller ends up short.
Biometric authentication gives buyers a quick and easy (and super
secure) way to complete a purchase. The buyer is happy with a
brand new ‘whatever’, the seller is happy to make a sale, and the
developer who created that easy buying experience gets hired to do
the same elsewhere. Win-win-win.
Biology-based security as a futuristic concept
has been replaced by widespread acceptance and a race to implement
biometric tech in the workplace, on eCommerce websites, and in our
personal lives.
Security professionals are on board
IT managers spend too much time fortifying the critical weaknesses of
passwords that hackers have exploited for 60 years. Employees take
their work home where firewalls don’t exist and wireless routers blink
away naked in basements like beacons for threat actors. The limping
password threatens to tear down the tightly-managed security system
that blockades the office. It’s going to open up too many breach
opportunities as employees try to grab their files from wherever
they’re working remotely—a trend that has gained enormous momentum,
increasing 173% since 2005.
Security providers look to squash those vulnerabilities, and biometric
authentication fits the bill.
Consumers are on board
On the other side of the digital verse, consumers beg for a way to buy
the stuff in their cart without jumping through hoops. Aside from
being vulnerable to phishing scams that dupe users into voluntarily
handing over their dog’s name + birth year, passwords are cumbersome.
Sentimentality makes them too easy to figure out and short passwords
can be unlocked by hacker algorithms in seconds.
That’s why minimum password lengths exist, a frustrating safeguard
that results in exclamation marks and zeroes at the end of standard
alphanumeric combinations—slight variations of ol’ faithful. Long,
meaningless passwords require memory acrobatics or paying for a
password vault to store those variations. Needless to say, the desire
to move beyond passwords has been there at the end-user level for a
while, too.
There are different unique human traits that can be used to confirm
identity:
Fingerprint scanning
Facial recognition
Voice recognition
Ocular scanning
Fingerprint scanners were the first biology-based readers built into
smartphones, with Apple and Samsung leading that charge. Then Apple
took things one step further releasing facial recognition on its
iPhone X. Smartphone users leapt at the chance to touch or look at
their screens for instant access to the hundreds of apps that ran
their lives. But PIN codes and pattern codes still lived on these
devices as fail-safes for when these new bio-scanners failed to
recognize thumbprints and faceprints.
What makes biometrics-based authentication so secure?
Two words: encryption and uniqueness.
Biometric data is more secure than passwords as an authentication
mechanism because it depends on the DNA of its user. An algorithm
processes an image into a digital construction. It converts unique
biological minutiae points and patterns into binary zeros and ones. It
then compares those zeros and ones and requires an exact match.
Phishing scams work with passwords because they trick the user into
giving away their login credentials. Biometrics takes gullibility out
of the equation. You can’t give away your face print, iris markers, or
thumb pattern.
3 reasons why LoginID FIDO biometrics is the industry leader
In any market or industry, there will be players and there will be
leaders. Here’s what separates LoginID FIDO biometrics from the pack:
Industry based, not proprietary. By its nature, open-source
is a shared platform where no company and no person owns it. When
a piece of technology is owned by one entity, that technology gets
pushed down a narrow hallway that makes that entity money (where
you must trust that entity’s claims about standards and security).
But with open source, that same piece of technology is worked on
by thousands of people who don’t have an agenda and where the
giant open visibility means you can see adherence for yourself
(greater auditability). Because of its open nature, FIDO LoginID
biometrics will work across all platforms on all devices
regardless of the behemoth at the top (Android, Apple etc.). Linus
Torvalds (the creator of Linux) said that “Given enough eyeballs,
all bugs are shallow” (Linus’ Law). That means the more people who
have access to and can test a thing, the fewer flaws there will be
and the quicker any flaws will be flagged and fixed. Open-source
adheres to open standards better than proprietary, which makes for
greater interoperability across companies, markets, industries,
devices, and platforms. That’s LoginID.
It’s hardware-based, so there is no risk of software
attacks.
FIDO protocols use standard public-key cryptography to provide
stronger authentication (for registration and login). When
registering on a website, the user’s device creates a key pair
between that device (the private key) and the public service (the
public key). The device holds onto that key and registers the
public key with the online service. Then, when logging in,
authentication matches the private key on the client device with
the public key. The client’s private keys can be used only after
they are unlocked locally on the device using biometrics. The
local unlock takes only a second, scanning a fingerprint, speaking
into a microphone, or looking straight ahead to recognize
biometric facial features. The FIDO protocols are designed from
the ground up to protect user privacy. The protocols do not
provide information that can be used by different online services
to collaborate and track a user across the services. Biometric
information, if used, never leaves the user’s device.
— FIDO Alliance
It’s accepted by regulatory authorities worldwide and it’s
gaining momentum in the industry.
A great thing is only great if it both disrupts the industry and
gains adopters because of that disruption. LoginID FIDO biometric
authentication has proven itself as the way forward in the
authentication industry. It is now used and supported by some of
the biggest companies in the world. In 2020 LoginID is poised for
mass adoption as the technology becomes more widely known amongst
the smaller circles who will find it easier to trust what the big
players use and love.
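The registration and login flow in the FIDO Alliance description above, as an added example that is not LoginID's or the FIDO Alliance's code: a simplified Node.js model (not the WebAuthn wire format) in which the service stores only a public key and verifies a signature over a fresh, single-use challenge bound to its own origin. The class names, the origins, and the `userVerified` flag standing in for the local biometric unlock are assumptions.

```javascript
// Added example: simplified model of FIDO registration and login.
// Not the WebAuthn wire format; class and method names are hypothetical.
const nodeCrypto = require('node:crypto');

class Authenticator {                       // the user's device
  constructor() { this.keys = new Map(); }  // origin -> private key, never exported
  register(origin) {                        // a fresh key pair per service
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // userVerified stands in for the local biometric match; only its outcome is used.
  sign(origin, challenge, userVerified) {
    if (!userVerified) throw new Error('local unlock failed');
    const key = this.keys.get(origin);
    if (!key) throw new Error('no credential for ' + origin);
    return nodeCrypto.sign('sha256', Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

class RelyingParty {                        // the online service
  constructor(origin) { this.origin = origin; this.pubKeys = new Map(); this.pending = new Map(); }
  enroll(user, pem) { this.pubKeys.set(user, pem); }   // stores a public key only
  newChallenge(user) {
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);              // single use, so a captured signature cannot be replayed
    if (!challenge || !this.pubKeys.has(user)) return false;
    const signed = Buffer.concat([Buffer.from(this.origin), challenge]);
    return nodeCrypto.verify('sha256', signed, this.pubKeys.get(user), signature);
  }
}

function demo() {
  const device = new Authenticator();
  const shop = new RelyingParty('https://shop.example');   // constructed origin
  shop.enroll('alice', device.register(shop.origin));
  const sig = device.sign(shop.origin, shop.newChallenge('alice'), true);
  const login = shop.verify('alice', sig);
  const replay = shop.verify('alice', sig);                // challenge already consumed
  const otherKey = device.register('https://bank.example');
  return { login, replay, unlinkable: otherKey !== shop.pubKeys.get('alice') };
}
```

Because the signed data includes the service's origin and each service gets its own key pair, a signature produced for a look-alike origin does not verify at the real service, and two services cannot correlate a user by public key.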
Biometric authentication is the passwordless future
The global biometric market is expected to top USD 50 billion by
2024.
We’ve moved beyond passwords, but the rollout is still happening and
the science, algorithms, and scanning devices are still improving.
Roughly half of
all websites and apps still use passwords as the only form of
authentication. Just around the corner, everyone will know about, and
start using, biometric authentication because consumer adoption will
make it commonplace. Until recently, biometric technology was
difficult to source. When found, it wasn’t easy to integrate. But
companies like LoginID have changed that, knocking down the barriers,
reducing friction, and increasing security. If we want to move beyond
passwords for good and upend the unsafe, clunky status quo, the
purveyors of biometric authentication must make it easy to adopt.
LoginID’s copy/paste API makes biometric authentication freely
accessible for any developer to install on any site or server,
creating a seamless experience for individuals and a profitable result
for enterprises.