Despite high profile data breaches at companies, including Target and Sony, consumer behavior toward protecting personal identifiable information (PII) has not changed significantly. People still use simple passwords — i.e. ‘password’, and too often use the same password to protect multiple accounts forgoing strong authentication.
Hackers who get access to one account can get access to all. People who do use multiple passwords for their various account have the burden of actually keeping track of them all, which can create a great inconvenience. These problems are rooted in the same cause: overreliance on password authentication.
Given the rise of major hacking incidents, and the general consensus that there must be a better way, an alternative is needed that is effective, yet easy and understandable for consumers. A substitute for password or PIN-based authentication must be at least as simple, if not much simpler, than current methods of authentication. People want better security, but the way we will get there is through convenience.
“Consumer Authentication” technologies offer an effective, convenient solution that also protects individual privacy. This multi-pronged approach relies on a combination of two or more forms of identity verification which could involve something you know — a password — but even better the use of something you have — an authenticated proof-of-identity document — and who you are a biometrics.
Document authentication uses technologies to scan and check the security features present in a identity document, like a driver license or passport, to verify the authenticity of the document. The U.S. driver license is the most trusted document most people carry to prove an identity, because of the security of the credential as well as the vetting process required to obtain the document.
With advancements in mobile computing, it is now technically possible to create a digital version of a driver license that offers the same level of security as a physical license. The Iowa Department of Transportation is launching a pilot program that will provide a driver license app on resident’s smartphones in 2015, and other states are following suit. Consumer authentication will rely on technologies like this in the future.
In addition to document authentication, consumer authentication relies on biometrics, which are based on a person’s unique physical characteristics. The most common use of biometrics is fingerprint recognition, which has been used by law enforcement for decades, but is becoming more common in commercial applications as seen in the newest iPhone and other smartphones.
Other forms of biometrics have also become quite practical in recent years. Facial recognition uses algorithms to construct a unique template of an individual’s facial features, and iris recognition has already been used in some of the largest national ID programs in the world. It is touted by many experts to be the most accurate biometric: it matches 240 unique characteristics of a person’s iris, and is seven times faster than fingerprint recognition, and more than two times faster than facial recognition.
Biometrics can protect a person’s privacy because they are tied to an individual’s unique physical identity and cannot be changed or shared with others. But they aren’t just more secure, they’re also more convenient. A fingerprint scan takes less effort than inputting a password and it doesn’t require the user to remember anything. Americans understand these benefits: a 2013 Zogby poll showed that a large majority of smartphone owners are comfortable using biometrics to replace passwords on mobile devices.
The solution to making the “post-password world” a reality is to make document authentication and biometric identification technologies readily available, affordable, and convenient. Apple’s introduction of the fingerprint reader into the iPhone was a watershed moment for biometrics and introduced fingerprint recognition to the world in a new way. Samsung recently filed a patent for facial recognition technology and retailers like Nordstrom are using facial recognition to identity VIP customers in its stores.
Mobile devices themselves have matured to the point where they can handle multiple modes of authentication. Soon, the use of a digital driver license on our mobile phones, paired with biometrics, will likely provide the key to easy two-factor authentication in the commercial sector. It would be simple, effective, and require nothing more than a quick scan of an ID document and your face.
So when will people start using better credentials? When they become more prevalent and available. Biometrics are finally becoming a household term, and their benefits are more widely understood. Document authentication technologies are also becoming much more common, and will be available for widespread consumer use. It’s in the interest of industries from banking to travel and beyond to embrace these advancements and make them available to consumers. With regards to biometrics and better authentication: If you build it, the consumers will come.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the market to serve as Expert Panelists. Individuals are asked to share their unique insight into different aspects of the campus card market. During the months of December, January and February these panelist’s predictions are published at SecureIDNews.