Four Reasons the Masses Might Not Be Ready for Biometric Logins

By Srikant Manda | July 13, 2016

According to research, nearly half (40 percent) of people in the U.S. and the U.K. have fallen victim to an online account being hacked, a password stolen, or personal information being compromised. Stats like these have many industries, like banking, scrambling for ways to batten down the hatches when it comes to protecting sensitive customer data.

In fact, the frustration banks have experienced as thieves steal personal data from millions of customers has prompted swift action: many of the largest entities (like Bank of America and Wells Fargo) are now investing in biometric technology to offer “better” security, according to a recent New York Times article.

However, after reading what some of the largest banks plan on doing, I don’t believe biometric authentication will be adopted by the masses. Why? Here are a few reasons:

  1. Lack of Flexibility

We have all experienced times when we forget our passwords. When this happens, we typically just click the “forgot password” button, enter our email address, and simply reset the password to something we’ll easily remember.

But what if banks that switch to relying solely on biometrics (retina and fingerprint information, for example) to authenticate users are hacked and have that data stolen? Individuals will not be able to simply “change” this information with the click of a button. Although the bank wins by having users’ eyes and fingerprints unique to its authentication system, the user’s personal data will ultimately be in the hands of someone else.

  2. Comfort

If there are people out there like me, banks will struggle with relying on biometrics due to the unfamiliarity of the process among the user base. I, for one, will not be comfortable exposing my eye to an LED scan for the purpose of authentication.

And fingerprint authentication? Well, that reminds me of the time when people were deemed illiterate and had to sign for things with a thumbprint. Just because today’s smartphones and other technologies allow for these types of log-in options, it doesn’t necessarily mean the masses will sign off to participate.

  3. Biometrics Aren’t the Only Option

Before jumping straight into a “biometrics-only” authentication process, users like me would prefer to see banks adopt two-factor authentication (2FA). This type of authentication adds a layer of protection by combining something you know (your password) with a second factor that only you hold at a given time (like a mobile phone).

I believe 2FA is extremely effective, and according to the research referenced earlier in this post, I am not alone. According to the data, 86 percent of people that use 2FA feel their accounts are better protected against account breaches (yes, even without having to have our eyeballs scanned by LEDs).

  4. Fingerprints are Extremely Personal

As our justice system stands, fingerprints are currently admissible in court as legitimate evidence to place a person at the scene of a crime. So, let me pause and get this straight. The same banks that are being hacked by cyber criminals expect me and others to make this information available?

By logging in with biometrics, my fingerprint would then be stored in a database and could become easily available to criminals. With a little reverse engineering, the stored data with my fingerprint could potentially be used to falsify crimes and ruin lives. 

While there is no denying that standard password-based logins are becoming antiquated and easy to steal in today’s day and age, I don’t think the masses are quite ready to make the jump to biometrics-based logins. As technology allows industries to speed into the future, it will be interesting to see if the customers of these industries are willing to hold on for the thrill ride.

What are your thoughts on many of the major banks moving to facial scans, fingerprints, voice recognition and other types of biometrics to safeguard accounts? Connect with us @FortinetFinServ on Twitter to get a conversation started!