Is It Time to Bid Adieu to Passwords?
The humble password could soon be extinct, and biometrics could take its place—a technology that, in the past, was more apt to be found in a sci-fi movie than at your local bank. New uses for biological markers may offer consumers a safer, faster and easier way to make purchases and access accounts.
Passwords aren’t perfect. They’re easily forgotten or hacked. “[It wasn’t] envisioned that it would turn out the way it has, that people would have multiple accounts… all requiring passwords that are long and complex, yet the password is key to security for many people,” says Michael Kaiser, the executive director of the National Cyber Security Alliance, a nonprofit organization promoting cybersecurity.
Some banks and companies serving the financial services industry are working together to change the way we log in to our accounts and make purchases through the use of biometrics—identifying a consumer through a certain feature or features of his body. It’s not only easier for the user—no more remembering and keying in a complicated password—it’s safer. Even if the user has a strong password, “that doesn’t do you any good if it’s stolen. The biometric becomes something that you have that no one else can have,” says Kaiser. The recent iCloud hack, in which a group of hackers obtained and released the private photos of several famous actresses, revealed vulnerabilities in traditional online security. Apple said it was “a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.”
“Passwords are flawed,” says Kaiser. “What we’ve seen lately [are] some very stark examples of how problematic they can be.”
Michael Barrett is president of the FIDO Alliance, an organization working to create standards to authenticate users with biometrics. “Fingerprint will be one of the most commonly used biometrics,” he says. Fingerprint readers are increasingly embedded in mobile phones and personal computers. Eighty-three percent of iPhone 5s owners use a fingerprint scan to unlock their phone, according to Apple, and the company’s introduction of Apple Pay, which incorporates a fingerprint scan to approve purchases, should make the fingerprint even more pervasive. Apple Pay has partnered with banks such as Bank of America Corp., JPMorgan Chase & Co., Citigroup Inc., and Capital One Financial Corp. But fingerprint authentication doesn’t work well for people with jobs or hobbies that wear on their hands, according to Barrett, and can be problematic for the elderly—an important consideration given the aging Baby Boomer population. In both cases, the fingerprint is less prominent and more difficult to read.
Denise Myers, director of marketing for EyeVerify, a biometric technology startup based in Kansas City, Kansas, also says that because people leave fingerprints everywhere, they’re easier to fake. The chief technologist at EyeVerify managed to make one out of a common kid’s toy: Play-Doh.
EyeVerify scans the user’s eyeball, using the camera available on most mobile phones. The user is identified by matching the pattern of the blood vessels within the whites of the eye. “You are the lock and the key,” says Myers. She says the eyeprint is more secure, since it is stored locally on the phone—not in the cloud, where it could be hacked by cyberthieves. Wells Fargo & Co. was intrigued enough by the concept to invest in EyeVerify, making it one of three inaugural participants in the banking giant’s Startup Accelerator program. The relationship is non-exclusive, leaving EyeVerify free to work with other banks and vendors. Beyond that, it is unclear how the relationship will work and whether Wells Fargo will implement the technology for its customers, says Myers.
The eyeball isn’t the only biometric the financial industry is looking at. Multinational financial services company Barclays, based in London, plans to roll out a biometrics reader, available to corporate banking clients, that confirms an online user’s identity based on the vein patterns in his finger. Barclays also uses voice biometrics to authenticate wealth management clients who use the bank’s call center, a service it plans to make available to retail clients early in 2015.
Kaiser doesn’t see any downside to the use of biometrics, but says some customers may need to be persuaded that this new form of security is safer. With most biometric solutions, the financial data is stored locally, reducing the likelihood that a hacker could steal the biometric, along with the person’s identity. And unlike in some Hollywood movies, a villainous rogue won’t remove a body part to access an account. Many forms of biometrics detect whether the blood is circulating, ensuring that the user’s eye or hand is attached to a living person.