According to IBM, the biometric technology they are continuing to develop, such as retinal scans and voice recognition, will replace passwords and other memory-based authentication techniques in many commercial applications sometime in the next five years.
Each year IBM makes five predictions of changes to come over the next five years, and on their list of changes to occur by 2017 it was predicted that biometric authentication techniques will start to phase out passwords. Biometrics has existed for many years, but costs have been prohibitive in rolling the technology out on a large-scale for consumer authentication purposes, especially for the eCommerce channel. IBM states they have been developing technology for facial recognition, retinal eye scan, digital voice recognition and other biometric techniques, and this technology can help in the growth and adoption of biometric consumer authentication techniques for common consumer activities such as using an ATM or initiating a transaction online.
In IBM’s “Next 5 in 5” video they show a consumer going to make an ATM withdrawal, but rather than inserting a card and entering a PIN like we are accustomed to today, the consumer speaks his name which is verified by voice recognition and then positions his face for a retinal scan. Using retinal scans, voice recognition and other biometric techniques, this data will be composited through IBM’s software to create a “DNA-unique online password.” They also make a point to say in the video that consumers will have full control as to what biometric information they opt to share.
It is a well-known fact that passwords are a weak authentication tool, which is evident in the fact that financial institutions and other online services that require login also use IP geolocation, device identification, security questions and other secondary authentication checks for return users. Consumers often use weak PINs and Passwords while fraudsters are easily able to obtain login credentials through phishing and malware, or just crack passwords through brute force. Consumers aren’t thrilled about passwords either, as many choose to reuse passwords at different sites to save the hassle of remembering yet another one.
Transitioning to more biometric authentication techniques over passwords and PINs will make consumer authentication more secure as these authentication mechanisms don’t have the inherent weaknesses of consumer-created passwords, but they still have a long way to go before they are practical for a consumer to use when logging into their bank account or other service online. In their video IBM only showed its use at an ATM for a practical application of biometric authentication, and it is realistic for this to be the norm by 2017. But for biometrics to truly replace passwords consumers need to be able to give their biometric reading from their computer or mobile device so they can be authenticated anywhere at any time. Only then would consumers be able to get access to their financial accounts, online bills and statements, social network accounts, email accounts and other online services without an alpha-numeric password. The biggest challenge ahead is making the technology affordable so enough consumers can use biometric authentication from their mobile or home electronic devices, as cost has likely been the biggest prohibitive factor in limiting the use of consumer biometric authentication for commercial purposes so far.
For more information: Passwords to become fossils by 2017?