Using biometrics to unlock a smartphone and access mobile apps has become common. The annoyance of remembering swipe patterns, PINs and passwords has been replaced with a better user experience: touch a fingerprint sensor or just look at your smartphone’s screen and you’re authenticated.
In addition to using biometric authentication in their personal lives, people are eager to use the technology at the office, judging by the results of Veridium’s Biometric Consumer Sentiment Survey. Out of the 1,000 adults polled, 70 percent said that they wanted to use biometric authentication in the workplace.
“What’s clear is that passwords have not evolved,” James Stickland, Veridium CEO, told Dark Reading. “They have only grown more complex and confusing, so we’re finding that consumers want to move the experience they’ve had with biometrics to the workplace.”
Not having to remember passwords cited for using biometrics at work
Some enterprise password management policies require people to create passwords that include special characters, capital letters and numbers. Others force employees to change their passwords after a certain period of time and ban them from reusing passwords. To make passwords easier to remember, people turn to shortcuts that don’t follow best security practices. They may write a password on a sticky note and leave it on their monitor. Or they commit a cardinal cybersecurity sin: using the same password to log-in to multiple accounts.
Attackers, criminals and other nefarious types know that people reuse passwords. And with data breaches occurring with frightening regularity, there’s a possibility that, eventually, a person’s credentials will end up in the public domain or on the Dark Web. If threat actors have the username and password that a person uses to log-in to a MyHeritage account, they know there’s a chance that those credentials could provide them access to more valuable accounts, like a work email account, for example. In fact, Iranian and Chinese hackers are using stolen credentials as the initial penetration vector in their most recent campaigns.
The survey showed that people are aware of the hassles and security weaknesses of passwords. Not having to remember them (33 percent) and security (31 percent) were two of the top reasons people cited for using biometrics at work. Speed (35 percent) was the top reason, indicating that people want to access their work applications as quickly as they can unlock their smartphones.
“We’ve found that there’s an ever-growing crowd of people who support eliminating the password,” Stickland told Dark Reading.
While organizations incorporated biometrics into the authentication process years ago, consumers only began using the technology when it appeared on their smartphones, Stickland said. Initially, people only used biometrics to unlock their smartphones (and this is still the top use of biometrics, with 80 percent of respondents using the technology for this purpose). Now, people use biometrics to access a range of applications including finance (35 percent), payments (31 percent), company networks (12 percent), travel (11 percent) and healthcare (10 percent). A fingerprint was the preferred biometric identifier for accessing smartphones (63 percent), beating out facial recognition (14 percent) and voice recognition (2 percent). Passwords and PINs were the least popular option (8 percent).
Companies need to be clear on how biometrics data is stored, used
People may be eager to use biometrics at the office but they also have concerns on how that data is managed and secured. Companies need to clearly communicate to people how their biometrics data is being used and stored. More than half of respondents (57 percent) are either unsure or neutral when asked if they think organizations are storing biometrics in an ethical way. Only a quarter agree or strongly agree that their biometric data is being stored ethically.
Not being transparent about how biometric data is being stored and used could impede its adoption in the workplace. This is a missed opportunity for companies, as multi-factor authentication leveraging biometrics can be a very effective layer of security that mitigates the impact of passwords stolen in data breaches. Using a smartphone and biometrics for multi-factor authentication offers a more secure and convenient way of accessing applications. Biometrics, unlike passwords, can’t be shared and are difficult to spoof. And using a smartphone to authenticate is more convenient than having to remember a password.
Wait, there’s more
Want to see our survey data visualized? Then check out this infographic. It’s also available here.