Is Biometrics Here to Stay?

Fingerprint Login

Fingerprint login was once seen as something in the distant future, but by now it is routine for many of us. iPhone and some Android users are already well acquainted with the process and it has also been available from BECU for some time now as well as many other major financial institutions around the world.

Fingerprint login is safe, secure, and proven. Granted, it can be inconvenient in the middle of winter when you're wearing gloves! Plus, fingerprint scanners are ultra-sensitive to moisture, dust, dirt, and electrostatic discharge, which can all affect their performance from time to time. Still, despite these small inconveniences we love the advantages of this type of biometric authentication.

Face Scanning

The subject of science fiction for decades, facial scanning has been available on many smartphones for a few years now. The iPhone X, however, is "the biggest field test yet" of this technology, at least according to Wired. "With the iPhone X, your iPhone is locked until you look at it and it recognizes you. Nothing has ever been more simple, natural, and effortless," Apple executive Phil Schiller told Wired when the phone was launched. "This is the future of how we'll unlock our smartphones and protect our sensitive information," he says.

In the past facial recognition has been laughably easy to beat with techniques as simple as holding up a photo of the rightful owner. Apple's technology, however, uses a program called TrueDepth which projects a grid of 30,000 points onto your face, effectively making this biometric difficult to fool.

You may already have some experience with facial scanning, or you may be wary of jumping headfirst (literally) into a new security technology, but regardless it seems like facial scanning is at the tipping point of becoming commonplace. Many Android phones and PCs running Windows 10 support facial recognition and although some iPhone X users have complained that the phone unlocks unintentionally at inopportune times, or does not always recognize their face, the technology has been mostly well received.

You'll even find facial recognition in the financial services industry. Our BECU app now supports facial identification, as do many financial institutions. The retail industry has accepted facial identification too. iPhone X users can pay with FaceID, and The Economistreports that users in China can access ATMs, make payment on their phones, or even use Alibaba's (China's answer to Amazon) 'smile to pay' service in stores.

Eye Scanning

The European bank TSB has already introduced iris scanning for people who own a Samsung Galaxy S8 or S8+, which allows users to access their banking app simply by looking into their phone's camera. In theory iris recognition may be more secure than fingerprint scanning. Your iris has over 260 unique points compared to the 40 unique points on your fingers. Still, eye scanning is a new technology and the S8's iris scanner was recently fooled by German hackersusing - you guessed it - a photo of someone's eyes and a pair of contact lenses.

Voice Recognition

If facial recognition has arrived then surely voice recognition is not too far behind. We already talk to our smartphones and smart speakers daily to perform searches and other functions. Once again Apple is leading the way here --in 2016 they filed a patent entitled "Speech Recognition Wake-Up of a Handheld Portable Device."

Here, in the financial industry HSBC set up voice recognition in 2016, but a recent BBC test of the service revealed that it was remarkably easy to hack when the non-identical twin brother of one reporter could access his brother's account.

Another potential issue with voice recognition is that in the age of smartphones, smartwatches, laptops, tablets, and more, it has never been easier to record someone else's voice. However, just like we were once able to fool facial recognition software with something as simple as a photo, voice recognition could still make the technological leap necessary to become a viable financial security tool in the future.

Multi-Step Verification

In an interview with The Telegraph, Richard Parris, chief executive of the software firm Intercede argued that any login should have "three distinct elements - possession (something you have, such as a smartphone), knowledge (something you know, such as a PIN) and inherence (something you are, like an iris scan)."

In this scenario, biometrics would be more secure when combined with other authentication processes, like:

Google Authenticator

Apple seems to be leading the way in North America in facial recognition, but Google is making big leaps in terms of privacy. Google authenticator provides a simple two-step process to log into your sensitive digital accounts. You still need your name and password, but with Google authenticator you also have to enter a one-time code sent from Google to your authenticated device via the authentication app. This means that simply knowing someone's password and username is no longer enough to access their information. Eventually every login could require authentication through the Google authenticator app.

One time SMS code

A one-time SMS code is another option for authenticating a login attempt. It is like Google authenticator but instead of generating a one-time code through an app, you receive a code through a text message. Entering this code in addition to a password is a simple, effective, and tested two-step verification method.

FOB/USB

FOB/USB options have been available for a long time. They work like any FOB key. You simply use the FOB or USB to gain access to sensitive information on your phone or computer. This relieves you of the burden of having to remember your password (but means that you will have to remember your FOB/USB). Still, when combined with other authentication methods a FOB/USB can be a very safe and convenient method of protecting your information.