Is the hype around biometrics justified?
Despite growing adoption and promises of seamless security checks, the technology still needs work
Although we've had nearly 50 years of research and development into biometrics, only recently has the technology become small enough, cheap enough, and reliable enough that it's found its place in everyday life.
Continuous innovations in biometrics, combined with a growing need for faster and more secure access to services, is fuelling a market that's ballooned from $10.74 billion (7.5bn) in 2015 to $32.73 billion (23bn) by 2022, according to figures from Markets&Markets.
Yet, it wasn't so long ago that the idea of fingerprint scanning as a form of identity was considered niche, and until the launch of the iPhone X and Galaxy S8 generation of smartphones, unlocking a device with your retina was still arguably a futuristic concept.
While the technology is still fairly clunky in the consumer space, it's nevertheless reached the stage where biometrics are now standard in the feature set of a smartphone. It's this growing familiarity within everyday use that's going to help drive an uptake within the enterprise.
Managing the customer experience
The technology has progressed a great deal since its early days, within both the corporate and consumer spheres, helped in no small part due to the need for a compelling alternative to increasingly complex password strings.
According to Pew Research, the average individual has to remember between 25 and 150 passwords or PIN codes, with 39% saying they use the same or similar passwords in order to avoid confusion. While this, of course, is understandable given the number of online accounts a person may have, it creates the perfect environment for identity theft.
Unfortunately, while fingerprint scanning was perhaps the technology's earliest success, recent developments made around voice and face recognition have been comparatively narrower in their application, says Bob Tarzey, independent analyst formerly at Quocirca.
"Iris/retina scanning requires specialist devices and is more restricted in its use," says Tarzey, highlighting airports as an example of where biometrics has helped transform security by using specialist systems.
"There are also secondary biometrics, such as recognising individual patterns around device and keyboard use," he adds, but these have so far been limited in their deployment.
The problem is that users will get frustrated if they are constantly having to present body parts for checking, so biometric authentication only works effectively when deployed alongside single-sign-on systems, where there's only occasional checking when a user accesses a system.
"Exceptions here may be facial scanning," suggests Tarzey, "which as it improves may be good enough to enable more-or-less seamless physical access checks."
A deployment headache
The issue for businesses is that there are so many options now available, the process of deciding whether you're likely to benefit from a biometric system, let alone what package to go for, can be overwhelming.
As with any deployment of new technology, it's important to know precisely what problem you're trying to solve and what experience you ultimately want for the end user.
For example, for those businesses looking to increase the number of methods for serving customers directly, there's the option to deploy a biometric system on the server-side so that authentication is done centrally. This means that biometric checks could be quickly deployed to new customer-facing portals, such as logging into an account from a mobile.
However, there's nothing quite as frustrating as an added security layer that takes far too long to bypass. In order to truly enhance the customer experience, it may be worth deploying more than one biometric measure, whether that be vocal, facial or behavioural, so that users have a choice or a backup option should they hit a brick wall in the authentication process.
A more sophisticated method is to layer passive and active biometric checks. Some of the most sophisticated, yet customer-friendly systems use an initial layer of authentication that checks a user's behaviour automatically, such as how they type or the way they hold a device, and compare this data to past logins. The active layer would only kick in if this initial check failed.
In this way, the user has no knowledge of the added checks and the experience stays largely the same.
The biometric future
The problem is that biometric technology is still too inaccurate and limited in its application. While layered systems have been developed to improve the way users access services online, they're far from perfect and only really work with login forms or when unlocking a device.
Dave Roat, strategy manager at Cubic Transportation Systems, a company that has previously deployed contactless systems on some of the world's largest transport networks, says the technology is still some years off from being integrated seamlessly into everyday life.
"More investment, innovation and trust are required before it is successfully rolled-out on a mass scale," says Roat. "In peak rush hour times, where a huge volume of commuters travel through stations all at one time, identification and fare collection must be 100% accurate."
He argues that biometrics has its place, but for now that is in the form of supporting more traditional means of authentication.
"Our data shows facial recognition needs to improve, which is why solutions might have to include more than one piece of travel authentication," says Roat. We'll more likely see biometrics serving as an additional method of validation, working in conjunction with traditional ticketing and validation systems, such as mobile tickets or contactless payments."
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now