If a figure like 770 million is any indication, biometrics are here to stay.
That’s the figure that Juniper Research, a UK-based market analysis firm, forecasts for biometric authentication app downloads per annum by 2019. In comparison, adoption of technology like Apple’s Touch ID has only reached 6 million this year.
This, according to the company, will dramatically reduce the dependence on alphanumeric passwords in the mobile phone market.
“It’s going to be pretty significant by that time,” said Windsor Holden, head of consultancy and forecasting at Juniper. He added that the next step will be to persuade the public and various governments of the tangible benefits of deploying this technology widescale.
It’s an area that has seen little effort so far in North America.
While Apple’s Touch ID fingerprint sensors come pre-installed on newer iPhones and iPads, it’s often the technology’s tokenization aspect – where sensitive data is substituted with a non-sensitive equivalent when sent over a network – that is touted for its security.
Holden said that other types of biometric apps, including voice, facial, and iris recognition will also have to be combined with multi-factor authentication to ensure security. Without it, the benefits amount mostly to convenience – data on a user’s human characteristics can still be stolen.
According to Holden, Juniper arrived at these figures partly by researching the growth of applications that can benefit from the addition of biometrics while also factoring in the impact of regulation.
The report titled “Human Interface Technologies ~ Small Gestures, Big Opportunities” said that fingerprint authentication in mid-range phones would make up the vast majority of the growth in the medium term, while software-based biometric authentication is also emerging, such as using ear prints.
“It all boils down to whether you can convince the public,” said Holden. “Companies need to identify a use case in the meantime to convince adoption.”
Why on earth do they endeavour to bring down security by putting biometric sensors on the phones, tablets and PCs which have been somehow protected by passwords?
Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords only.
Whether static, behavioural or electromagnetic, biometric products are generally operated together with a password by OR/Disjunction (as against AND/Conjunction that is common for 2-factor authentication) so that users can unlock the devices by passwords when falsely rejected by the biometric sensors. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y – xy) is necessarily larger than the vulnerability of a password (y), say, the devices with Touch ID and other biometric sensors are even less secure than the devices protected only by a weak password.
These biometric products might look more secure in appearance, but it is just a false sense of security. Many of the consumers, who are trapped in the false sense of security, may well be piling up more of their information assets in the cyber space while some of the criminals, who are aware that those consumers are now less secure, may well be silently waiting for the pig to be fat.
False sense of security about a threat could be even worse than the threat itself. It is a conundrum how it is possible for so many security professionals to remain indifferent to such a nightmarish situation.