Biometric authentication: verifying your identity

The days of remembering a slew of passwords may be fading into memory. Biometrics is growing in use and popularity because it’s considered more secure and offers better protection against fraud.

You probably already use this form of authentication in some way - maybe you use Nexus’ iris scan technology when you travel (welcome back, travel!), have a voice ID with your bank, or scan your fingerprint to access your smartphone.

Biometric authentication is a sophisticated technology that’s commonly used for airport security, law enforcement, banking, smartphones, home assistants, building access and more. With it’s growing use, it’s a good time to dig a little deeper into biometric authentication, how it works, why companies are adopting it, how it protects us against fraud, and some of the key privacy concerns associated with it.

Consumers want better authentication

According to the biometricupdate.com report, Authentication Frustration: How Companies Lose Customers in the Digital Age, 44% of the 2,000 consumers surveyed consider biometrics an easier and better method of authentication. Interestingly, 55% of respondents cite the quantity of passwords they need to remember as their top problem, and 81% prefer to interact with companies that verify their identity simply, quickly and safely.

Biometric authentication explained

TechTarget defines biometric authentication as, “a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are.” Different methods of biometric authentication include DNA matching, retina/iris scans, fingerprint scanning, facial recognition and voice identification.

Backend systems process the physical or behavioural data you provide and compare it to authenticated data stored in a database. If there is a match, you are authenticated and granted access to your account or the building you are trying to enter, for example.

Is biometric authentication secure?

With the use of unique physical or behavioural characteristics for verification, biometric authentication is considered more secure (and convenient) than traditional password authentication. While traditional passwords can be forgotten or even guessed by fraudsters, biometrics is personal in nature, unchangeable and distinctive.

There have been concerns raised over the security of data stored in biometric systems. If these systems are compromised, hackers can access highly sensitive, personal data and compromise people’s identities. However, biometrics is still more secure in that it eliminates the layer of human error commonly associated with passwords – people not using strong passwords, using the same password on multiple sites, and the prevalence of stolen passwords on the dark web.

What about privacy?

A Toronto-based law firm has raised some privacy concerns around biometric authentication in its article, Biometric Identification and Privacy Concerns – A Canadian Perspective. The article states, “the characteristics that make its use ideal for the purposes of identification or authentication are the same characteristics which raise concerns among privacy advocates.”

While biometric authentication adoption is growing, there are still gaps in how to apply privacy laws. Currently in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) regulates the collection, use and disclosure of all personal information in the private sector for all commercial activities. The article goes on to explain that both current federal and provincial privacy laws in Canada are based on fair information handling practices, which focus on:

• Informed consent
• Reasoned and limited collection, use and disclosure of personal information
• Ensuring personal information is adequately secured

Biometric data is being handled like all other data, which means that companies are interpreting fair handling processes and applying them to their own business practices based on those interpretations. As of now, there is no specific language or guidance in Canadian privacy legislation governing biometric data. The authors believe the challenges associated with this new method of authentication and the associated technology require an evolved privacy framework that reflects this new reality.

It seems that password fatigue may subside as more companies adopt biometric authentication. While it improves security and reduces the risk of fraud, there are some privacy concerns. If you’re using biometric authentication, make sure you ask questions and dig a little deeper so you’re aware of the securities in place to protect your privacy.