Former Microsoft chairman Bill Gates predicted the death of the traditional password in 2004, saying it “cannot meet the challenge” of keeping sensitive information secure. According to his forecast, users across the globe are going to use passwords less and less, at which point he then demonstrated ‘tamper resistant’ biometric ID card software that allows companies to identify their employees using biometric technology.
Fast forward to today and we see that Gates was only partially right; we use passwords for every aspect of our digital life and sometimes to streamline the authentication process. That's despite the fact that everyone dislikes passwords and the tremendous effort to replace them with biometrics: fingerprint recognition, iris scans, facial scans, voice recognition, or even your heartbeat.
In other words, biometrics aren't yet ready to replace passwords, and here's why.
1. There Isn't a Reliable Biometric System Available
In the quest to replace having to type out a traditional password, researchers have proposed various methods. One suggested by a computer scientist at Hong Kong Baptist University was lip movement, which utilized a system that analyzed the lip shape and texture of the person speaking a password and matched it with a database to grant access. The user had to speak the password aloud while the software analyzed the words and the lips, and determined whether he or she was the rightful user.
The ‘lip password’ – not yet implemented in any popular handsets or computers – faces the same issues that other biometric authentication systems do, meaning it only works in favorable or ideal conditions. In the case of the lip password and facial recognition systems it is the lighting can defeat the system, whereas in the case of a fingerprint reader (such as Apple's Touch ID incorporated into the Home button) simply having damp hands can be an issue. Buggy iris scanning or facial recognition software is also a problem.
Apple has raised the bar with Face ID, a facial recognition system introduced with the iPhone X in September 2017, but that is yet to be fully tested by users.
2. You Can't Change Your Biometric Password
Users of biometric authentication systems such as Touch ID will understand the convenience: there’s no need to type that lengthy master password into 1Password to log in – finally! Just place your thumb on the iPhone's home button or the Touch Bar's power button on the MacBook Pro and you’re in. How easy is that?
But there is a teeny-tiny problem with biometrics in general. The set of biometric data for authentication is limited to your fingers, face, eyes and voice. Considering you don't live in the forest, you’re continuously leaving traces of this very data: a fingerprint on the glass from which you had fresh juice; your face can be easily photographed and your voice recorded; even your lip movement. It's that easy to pick up any traces of your biometric data and copy them. Also, since we’ve seen Apple's Touch ID cracked by the researchers of the German Chaos Computer Club shortly after the device hit the market it’s clear this tech isn’t totally secure just yet.
And now the problem: your biometric data is unique. That's a major advantage when it comes to authentication but if it does get stolen then it becomes a problem because it cannot be changed, unlike a stolen password that can replaced with a fresh – and hopefully more secure – one whenever you might need to. That cannot be said for the roughly 5.6 million people who have had their fingerprints stolen from the Office of Personnel Management database.
3. Biometrics Can't Be Shared
Another huge limitation of biometrics is that they cannot be shared. How many times have you wanted to hand over a handset or tablet to your spouse to read an important message you received or just wanted to let the kids watch their favorite song on YouTube? The content remains locked on the device until you either clone yourself for such occasions or share the passcode or password so the other person can log in.
These are just three of the many reasons why biometrics won't replace passwords anytime soon. We cannot deny the convenience biometric authentication systems bring, but there is still so much work to do. Until then, either get used to typing that password or discover the convenience of using a password manager.
Best Password Managers of 2019
|Editor's Choice 2019|