Why Biometrics Haven't Taken Off

Why Biometrics Haven't Taken Off

Users of many of today’s smartphones can unlock their devices with a fingerprint swipe and in some cases, simply with a glance. People with Windows 10 PCs have numerous biometric options for access including eye and facial recognition. You can even draw on a picture to confirm your identity.

So why aren’t more companies using biometrics? The answer is complex and is tied to a range of factors.

In the early days, biometrics technology was certainly expensive and complex and as a result, used almost exclusively in the military or at high-tech companies.

Today, however, biometric technology is becoming more commonplace. It is increasingly device agnostic and being used to provide access to everything from buildings to computers.

But many companies are still apprehensive. Some of the reasons are:

Computational intensity - While fingerprint scanning can be managed locally on a device, more complex biometric markers like voice recognition require more processing power. This often means managing the data on the back end – requiring more robust infrastructure.

Fear of surveillance - Facial recognition in particular is becoming a standard practice in proactive policing. At a music festival in England in 2014, police scanned every person who attended in order to compare them against a database of known criminals. Attendees found this intimidating and “creepy”.

ID unreliability - environmental factors like speaking your password into your device in a crowded train station naturally limits accurate authentication and hence its usefulness. Passwords on the other hand can easily be used on any device regardless of location or setting.

Lack of standards –defined and accepted protocols allow us to use any web browser to access the Internet or any phone to make a phone call. Unfortunately, the same can’t be said for biometrics. Currently, no government has created standards for the creation, use, or storage of biometric information.

Lack of revocability -  biometric-based authentication by its very nature lacks revocability, meaning that a biometric cannot be tossed away and replaced like a password or a credit card number. Rather, it is permanently associated with a user.

With the IoT revolution in full swing and more and more devices needing to be protected, biometric authentication is poised to succeed.

Ultimately, biometrics have the potential to provide much more seure access to sensitive information than conventional passwords, which can be easily forgotten, lost or hacked. Financial institutions and government agencies are already starting to migrate to biometrics as the most viable solution for data protection. It is likely that more organizations will follow suit in the coming years as these issues get addressed.