Will 2015 see the death of the password?
Rumours of the death of the password appear to have been greatly exaggerated in the past. But, dare we say it, it does look as if 2015 could be the year when tedious password-based log-in will be replaced by smart context-aware security solutions on mobile devices that know where a user is and whether their location, actions and biometrics (not just voice and fingerprint but ear biometrics and measuring the way you walk) match expected patterns.
Only last month Microsoft threw its weight behind alternatives to passwords, blogging about plans to secure Windows 10 with authentication that could combine a traditional PIN with biometrics, such as a fingerprint, to allow the user to sign in to any supported mobile service. Android mobile makers have embraced fingerprint authentication for accessing the phone, while Apple’s Touch ID fingerprint identification feature authenticates access to Apple Pay and now the Apple Watch apps.
Tech giants are responding to a groundswell of opinion that we are all getting sick of having to remember hundreds of passwords. The younger generation is driving this – 16 to 24 year old consumers in the UK have the greatest appetite for biometric security measures and the greatest need to use them in place of traditional authentication such as passwords – because they are simply failing to use passwords – according to research from Visa Europe.
Generation Z is most keen on authentication via fingerprint scanning, perhaps due to the Touch ID effect. Nearly 70% of 16 to 24 year olds say they want to use fingerprints rather than passwords by 2020. Other methods interest this generation such as retina scans (39%) and facial recognition (27%), with voice recognition (12%), fast DNA samples (15%) and implanted chips (16%) less popular.
Mobile makers are looking beyond the fingerprint for authentication. Global mobile maker ZTE – whose Grand series has sold more than 5m units – has announced its latest ZTE Grand S3 will be secured by eye-based biometrics. The solution works by imaging unique vein patterns in the human eye using the Grand S3’s front facing camera. Meanwhile Descartes Biometrics’ Ergo app works on Android phones to verify the user’s ear.
The finance sector has a lot to lose when passwords and PINs are breached so it is particularly interesting to see banks backing biometric access to mobile devices that enables direct access to bank accounts. RBS and NatWest have introduced the facility for their customers to use Apple’s Touch ID fingerprint sensor to log into their bank accounts on mobile devices. Between them the banks have 1.8m active iPhone users who use their banking app an average 40 times per month. In the States, USAA has become the first US financial institution to introduce facial and voice recognition on a mobile app for customer authentication.
As smartphones increasingly become the gatekeepers of access to mobile banking and payments services, traditional PINs and passwords look old-fashioned and clunky. Emerging biometric authentication methods combined with factors from geolocation to gait, look set to provide a secure and convenient alternative.