Why is Biometric Authentication Important for Digital Identity Management?

by Ralph Rodriguez, CPO
August 14, 2023

The passwords that protect our digital accounts were first invented at the Massachusetts Institute of Technology in the early 1960s. In the decades since, computers have shrunk from being room-sized machines to taking up the small space in our pockets as mobile phones – and password usage has only increased.

A NordPass survey found that the average person has 100 passwords. In Daon’s survey conducted in October 2022, 68% of over 3,000 consumers reported passwords as their most often used security measure.

Despite being so common, using passwords for digital identity management poses challenges for consumers, employees, and businesses.

For example, most people know they’re supposed to have a unique password for each account; as revealed in LastPass’s Psychology of Passwords report, 92% of people said they knew they shouldn’t reuse passwords. Yet the same study also reported that 65% “always or mostly” use the same password or some variation of it.

Most people also know that the more complex a password is, the greater security it provides. However, complex passwords are hard to remember when a person has many online accounts. So, it’s not much of a surprise that the top three passwords in the NordPass list of the 200 most-used passwords for 2022 include “password,” “123456,” and “123456789.”

People also commonly use personal information, from birthday and anniversary dates to family and pet names, to create passwords that will be easy to remember. For example, Mozilla looked at BabyCenter.com’s list of top baby names for 2023 and found that Joshua had been used as a password 388,793 times, Oliver had been used 259,274 times, and Isabella had been used 141,731 times.

Other habits that impact the security of passwords include writing them down and sharing them. Insurance shopping site The Zebra reports that “79% of consumers admit to sharing their password with someone outside their home.”

The Ugly Truth About Passwords

The ugly, widely acknowledged truth underlying passwords is that despite their broad use, they don’t offer much security. Ninety-five percent of IT professionals surveyed by LastPass say there are risks to using passwords. NordPass estimates that each of the top three passwords mentioned above could be hacked in less than one second. The 2022 Verizon Data Breach Incident Report found that 81% of hacking-related data breaches can be attributed to weak or stolen credentials.

According to Forbes, a stolen VPN password that “may have been used on a different website that was previously compromised” gave ransomware attackers access to the Colonial Pipeline in 2021, “costing the company $2 million in ransom alone and setting off one of the biggest supply chain crises in recent memory.”

Many companies try to improve password security with multi-factor authentication, sending a one-time password (OTP) that is only good for a matter of minutes to the customer’s phone after they’ve entered their username and password. But criminals can now hack or phish those OTPs just like they can with traditional passwords.

The bottom line is that businesses who rely on passwords as “good enough” security are trying to fight a losing battle: today’s fraudsters use 21st-century tools like AI and machine learning. At the same time, passwords offer protection rooted in the “Space Age” and bear a level of security that relies too heavily on human nature.

Biometric passwordless authentication brings online account security into the modern age with a passwordless approach and digital identity factors that are accessible for customers and employees, never have to be remembered or reset, and are nearly impossible to steal.

What Is Biometric Authentication?

Instead of using something a customer or employee knows (KBA, or knowledge-based authentication), like a password or a PIN, biometric authentication uses something they are: a physical characteristic, like a fingerprint, voice, or face, known as a biometric, is used to authenticate someone’s digital identity. Anyone who has ever asked a digital voice assistant to check the weather, turn on lights, or play music has used a biometric factor – their voice.

Biometric factors used for authentication are unique and unlikely to change over time. They can include fingerprints, facial, voice, retina, and palm scans. Less commonly, they can also include behavioral biometrics, which recognizes a pattern in how a person does something, such as typing on a keyboard or moving a mouse, and that can measure unique patterns and mannerisms of individuals when they interact with their devices. These factors that are used to authenticate a customer’s digital identity are established when the person opens an account or onboards. For example, a new customer opening an online savings account may be asked for an image of a government-issued photo ID, such as a passport or driver’s license. Next, they may be prompted to take a selfie to verify their identity. The company’s digital identity platform biometrically compares the selfie image to the image on the customer’s ID document, including liveness detection to ensure it is not a sophisticated presentation, verifies the new customer’s identity, and creates a biometric facial template that is securely stored and used to access the account when the customer returns for future authentications.

Next time the newly bombarded customer wishes to log into their account, all they have to do is open their savings account app, use the camera built into their mobile device, and scan their face. The authentication platform then compares their face to the stored biometric template they registered during onboarding and either admits or denies them from their account based on factors assessed by liveness detection technology and other backend data analyses done on their facial scan.

4 Benefits of Biometric Authentication

Biometric authentication offers several significant benefits to companies and their customers. It reduces the overhead that passwords create for businesses, both monetarily and in IT time/expertise requirements, and eliminates the customer friction and dissatisfaction caused by passwords. Biometric authentication does both these things while also improving security, successfully meeting the KYC/AML requirements and regional rules for even the most regulated transactions, geographic areas, or industries.

1. Operational Efficiency and Convenience

Biometrics are easier for businesses over the course of both a customer’s lifecycle and an employee’s tenure. There’s never a password to forget or reset – saving time and money, not to mention preserving a positive user experience.

In fact, it’s estimated that the average firm spends $5.2 million a year on setting and resetting passwords. According to the Service Desk Institute, Gartner found that 40% of all help desk calls are related to password resets, while Forrester reports that each password reset call costs a business around $70. A biometric authentication platform frees your IT team from the overhead of password management and saves money year in and year out.

On the customer side, relying on passwords creates friction and results in lost opportunities. According to Security Brief New Zealand, “Recently released research has found about one in three of online purchases are abandoned at checkout because people cannot remember their password to access their account and confirm their purchase.” Biometric authentication eliminates this significant cause of shopping cart abandonment, reduces friction, and improves the user experience.

2. Positive and Unique User Experience

Biometric authentication is easy for customers to use, making the process of accessing their accounts, using self-service tools, or completing a purchase seamless and friction-free.

Because biometric authentication uses a factor that’s readily available, such as the user’s face, voice, or fingerprint, it’s always accessible. There’s never a reset process, where many customers become frustrated, often abandoning carts or moving to competitors.

Plus, customers are already comfortable using biometrics. A recent survey found that “68% of respondents already use facial recognition to unlock their smartphone, laptop or other personal devices, while 51% apply it to log in to a phone app.” Biometrics are easy to use, widely understood, and provide fast access.

Consumers also prefer biometrics to passwords. In its January 2023 report, “Consumer Authentication Preferences for Online Banking and Transactions,” PYMNTS found that 51.7% of respondents preferred biometrics, compared to 24.7% who preferred passwords.

3. Easy Accessibility

Passwords can limit both inclusion and accessibility. For example, they can create a barrier to access for people living with visual impairments, memory issues, and literacy challenges. Biometric 2FA, however, are ever-present and instantly available, making them a step in the right direction towards creating more equal access.

4. Enhanced Safety and Security

Biometric authentication also provides better protection against fraudsters and criminals than passwords. Unlike passwords that can be hacked, forgotten, shared, or copied, biometric factors can only be used by the person who owns them, and even if the biometric template was somehow accessed, it is securely encrypted in a way that renders the data impervious to reverse engineering (into an image).

It’s Time to Move Away from Passwords

Despite customer preference for biometrics, the PYMNTS survey found that when it came to account access methods, they had actually used in the past month, 65.1% of customers cited using passwords, compared to 46.5% who used biometrics. Clearly, businesses have a way to go in meeting customer preferences and smoothing their access experiences.

Daon’s Zero Trust Consumer survey reported that 95% of over 3,000 respondents are managing more areas of their lives digitally/online than they did five years ago. This growth exposes more accounts and personal data to hackers and fraudsters, which should propel businesses that are still relying on passwords to adopt biometric identity solutions for improved security.

Daon can help your business transition from the past to being future-proofed with passwordless login technology. Learn more by checking out our biometric authentication solutions.