Recent hacking scandals have exposed the vulnerability in today's mobile world, where passwords can negatively impact the user experience and lead to higher levels of account lockouts
Contextual authentication is quickly gaining ground to take biometric identity verification to the next level.
Not only validating that you’re you, but that where you are, and when you’re there stacks up. That you haven’t, for example accessed a system in London and then made an online payment in New York half an hour later.
Reports of high-profile data breaches regularly fill the news. TalkTalk suffered huge reputational damage, significant profit loss, a plummeting share price and a £400,000 fine when the personal details of over 150,000 customers were exposed last year.
More recently, Yahoo admitted security information on 500 million customers had been hacked 2 years previously. The damaging revelation raised questions over its pending $4.8 billion acquisition by Verizon Communications.
Such incidents can create a climate of panic. So much so, that a Deloitte survey last year revealed only 40% of people are confident that companies keep their personal information and data secure from loss or theft.
This is worryingly low when you consider the power such information puts in the hands of the wrong people.
But it’s little wonder, when you consider that the same survey also found that a shocking one in five people have had personal details stolen online and their bank accounts used to buy goods or services.
This brings into sharp focus how companies are performing identity verification, and just how secure those methods are.
Not surprisingly, organisations are already differentiating themselves on the authentication methods they offer.
My face is my password
Biometric authentication – using identifiers such as fingerprints, facial features, iris scans and others – is growing in popularity, not least with financial institutions that continually seek ways of combating fraud.
Earlier this year, Amazon made headlines with plans for photographs or videos of a user’s face to be used as a way to approve online purchases.
The move was dubbed ‘selfie pay’. While Visa’s recent insight into the topic reveals that 68% of consumers want to use biometrics as a method of payment authentication.
Such is the expectation of rapid growth in this area that, last year the Biometrics Research Group forecast the number of smartphone users taking advantage of biometrics will rise from 200 million in 2015 to 2 billion by 2020.
To fully take advantage of this increase in adoption, biometric authentication needs to step up to the challenge of delivering even simpler, more secure authentication experiences across devices and operating systems. It needs to support built-in risk intelligence that detects anomalous behaviour.
This means adding additional considerations into the authentication process.
Not just the user’s face, or fingerprint, iris scan or whichever biometric identifier is being used, but factors like travel speed – where the device’s geolocation is used to determine travel speed from the user’s last login location and time.
If the input doesn’t ring true – for example if attempts have been made from multiple locations within a short space of time – then access can be denied. A device ‘health’ check can also decide if the device could have been tampered with.
For solutions providers, this additional level of security requires a unified platform that supports existing and emerging methods of biometric authentication, from iris scans to heart rate to facial recognition, and improved user experiences.
For now, username and password combinations are still in heavy use. But there are problems with this approach, and always have been.
The information is easily forgotten, people ignore warnings and write their details down, and weak passwords are easy pickings for experienced cyber-criminals.What’s more, contrary to advice given out, people do still reuse a favoured password across multiple applications.
This puts everything at risk if the data held by one organisation is breached. In contrast, people always have their physical attributes with them, they don’t need to remember or update them and they aren’t things that can be guessed.
Small screen, big problem
Biometric authentication can also be eminently usable, which is a critical factor if such high forecast levels of user adoption are to be achieved.
One of the biggest drivers for its use is the need for simple authentication processes on mobile devices.
It’s tricky to type details into small screens while on the move. Incorrect data entry can result in customers being locked out of their accounts, causing considerable inconvenience and frustration.
Taking a credit card out to make an online payment in public can feel unsafe. In these situations, authentication through facial image or retinal or fingerprint scanning could be preferable.
Biometric data is increasingly accepted as a secure way of verifying and authenticating identity, to grant user access to systems, applications and devices.
As PayPal has demonstrated, it is also now beginning to be used to validate sensitive data transfers such as electronic payments.
As society becomes more and more reliant on digital systems and applications, new ways of using biometrics are likely to be developed.
As the technology continues to evolve apace, there will be ever more sophisticated ways of improving its security. This includes multi-factor authentication through the inclusion of things like geolocation and device health checks into the validation process.