Biometrics: A Next-Generation Authentication Mechanism

Feb 11, 2016 | by RSA

The days of username and password combinations are coming to an end as next-generation authentication mechanisms come of age. Faced with having to remember old-style credentials for an ever-wider range of applications, most users have resorted to insecure password management practices such as writing down credentials. This is especially the case when using complex passwords or reusing the same credentials for multiple applications.

Acceptance of Biometrics Is Growing

One form of next-generation authentication now coming into its own is biometrics. According to a recent Accenture survey of 24,000 consumers worldwide, 60 percent said usernames and passwords are too cumbersome to use, and 77 percent said they would be interested in an alternative mode of authentication. When it comes to biometrics, 58 percent stated they would be interested in using them.

A recent Stratistics MRC report estimates the global market for biometrics will grow from $13.3 billion in 2014 to $29.4 billion in 2022 at a compound annual growth rate of 10.4 percent. Growth will come from both commercial and home-security applications, with help from increasing adoption of e-commerce services and e-government.

Biometric Sensors Are Being Built into a Wide Range of Devices

According to an RSA white paper, the future of authentication is about providing a choice for users and the need for secure authentication that facilitates user compliance with security policies. Biometric technologies have come a long way from their original reputation of being inconvenient and expensive to deploy. This is changing as cost-effective biometric sensors are built into the current generation of mobile devices, including in cameras and speakers, making them much more convenient for users.

The latest devices, including the newest generation of smartphones, provide security at the hardware level, while biometric information is validated separately from the core operating system, ITProPortal states. This enhances security because core operating systems are susceptible to malware. As more wearables and the Internet of Things come into everyday use, biometric identifiers are expected to be embedded into a much wider range of devices.

Biometrics Hold Promise for Secure Payments

One area in which biometric identification holds considerable promise is in making financial payments more secure. According to Biometric Update, voice and facial recognition will greatly help combat fraud that results from lost or stolen credit cards or from data stolen during transactions.

For instance, MasterCard is currently running a number of pilot programs around the world and partnering with major smartphone manufacturers. To use MasterCard's service, users have to first download an application onto their device. When they go to make a transaction, a pop-up window will ask for authorization. Users can choose to provide a fingerprint impression by touching the screen or taking a facial image through the camera. For the latter, Fortune explains, users will look at the screen and blink to authorize the transaction. Because users must blink, the system cannot be duped by a photograph. Given the current trend of selfies, many will feel comfortable with the facial recognition option.

To ease security and privacy concerns, MasterCard states it does not actually receive a fingerprint scan, nor does it actually take a picture of the user. These images never leave the device; rather, the facial recognition technology maps the user's face and converts it to data, which is transmitted over the Internet.

As time goes on, the role of biometrics as a next-generation authentication mechanism will only grow in importance as this trend is driven upward by the wider availability of senors in devices and growing user acceptance.

Author: RSA

Category: RSA Fundamentals, Blog Post

Keywords: Authentication, Biometrics