Posted By: Nishant Kaushik | Posted On: February 1, 2018
Our CTO, Nishant Kaushik, published a great post about biometrics security/authentication on his personal blog earlier this week regarding their implications and the danger of trade-offs in security and usability.
This article was originally posted on Talking Identity on January 29, 2018:
"The last few years have seen an uptick in efforts to use biometrics more widely in authentication, most notably driven by the consumerization effect of Apple introducing Touch ID and Face ID. But this could be the (strong) nudge that was needed to push it over the edge. Mastercard just announced that all issuers of Mastercard-branded cards would be required to offer biometric authentication for remote transactions and contactless transactions made at terminals using mobile devices by April 2019. In explaining the motive behind their move, they cited:
- The EU’s new regulatory requirements for strong authentication
- 92% of banking professionals want to introduce biometric ID
- 93% of consumers would prefer biometric security to passwords
- The abandonment rates in purchase processes can drop by up to 70% when biometrics are used compared to other 2FA based mechanisms like SMS-based OTP.
Can’t argue with that data. The decision for anyone to start the move towards biometrics is pretty much a no-brainer. The real question is whether there is a trade-off being made here.
The Dark Side of Biometrics
A while back, I was engaged in a debate over whether or not biometrics really is an authentication factor. After all, biometrics (fingerprints, voice, face) are inherently public, unlike a password which is meant to be a secret. And as the use of biometrics gets pushed more widely, an interesting dilemma crops up..."