Looking Beyond the Biometrics Hype

Written by

Last year saw more than its fair share of high-profile online privacy breaches, emphasizing the need for additional security measures in the form of multi-factor authentication.

As the modern mobile and online user grows accustomed to increasingly user-friendly technology, the challenge is maintaining simplicity without compromising security. As innovation advances, previously ‘futuristic’ systems such as biometrics are becoming more commonplace.

Apple’s Touch ID fingerprint sensor on iPhones is perhaps the most well-known example – and it should come as no surprise that consumers of the mobile generation have come to see biometrics as the perfect solution to replace passwords or complex authentication methods. In addition, as a high-tech solution it certainly has the cool factor, adding to its allure.

Apple is now integrating biometrics into its handsets, painting this as a viable authentication method, and we can expect more such systems to become available soon. Facial and voice recognition are the most obvious candidates, and one would think they’re relatively easily implemented with all the cameras and voice assistants around.

However, biometrics is not as simple as it appears to the average mobile user, and enterprises and online businesses must look at the wider picture.

Caution is needed. Biometrics at this stage is still an emerging technology: its accuracy and reliability is unproven. The underlying security apps are complex and difficult to develop and run only on a select few premium devices.

Biometric authentication today leaves out a huge proportion of mobile users (smartphone or otherwise, who don’t have such capabilities on their devices) as well as online users. Providing biometric authentication for these consumers would be a logistical nightmare, especially for international internet giants with millions of users around the world. 

“If hackers develop ways to bypass biometric database security, then the solution is no better than existing passwords”

Getting biometric readings from them would require calibrated and approved hardware; consumer webcams don’t fit the bill, at least not yet. Fingerprints pose an even greater challenge – should Google ship a certified fingerprint reader to each Gmail user? Hardly. These companies need a reliable, efficient and easily deployable system – and precisely for this reason many of them already use SMS-based two-factor authentication.

Even if companies are able to overcome the obstacle of deploying biometric authentication, the threat of hacking a biometric database still exists, potentially putting the personal data and online or mobile accounts of thousands of users at risk.

Biometric security measures may seem immune from imitation. However, if the last year has shown us anything, it’s that the databases in which the details are saved are not impenetrably safe. If hackers develop ways to bypass biometric database security, then the solution is no better than existing passwords.

Given the vulnerabilities of databases, even biometric-based security needs an additional layer of authentication. SMS has proven it can provide this much needed extra level of security without impacting user experience. It requires no more than a mobile phone of any type or generation to add this extra layer of security by delivering one-time PINs.

SMS-based authentication is easy to deploy; today widely available APIs enable smooth integration. Some SMS solution providers are also able to guarantee global coverage, a must for internet firms needing a solution to serve their worldwide customer base.

We know from experience that it’s difficult to guarantee absolute data security in this day and age. The search for a fool-proof solution continues, but we can safely say that one layer of security is not enough. A multi-faceted approach is essential and SMS-based authentication provides the ‘user-friendly’ element that customers demand. 


About the Author

Silvio Kutic, founder and CEO of Infobip, earned an MSc at the University of Zagreb Faculty of Electrical Engineering and Computing. With a few enthusiastic colleagues he began a project which explored the possibilities of professional mobile messaging; this eventually grew into Infobip. Silvio took over as CEO in 2006. Since then, he has been the driving force behind Infobip's growth and strategic shift towards enterprise and MNO solutions


What’s hot on Infosecurity Magazine?