Most of us are sick of passwords. Some would say they are already dying a slow death and that their demise can’t come soon enough. The risks and costs of data theft resulting from password-related hacking are too high and have been for a very long time. Password fatigue and frustration plague us at work and home. Fortunately, advances in authentication technologies are reducing user friction, enhancing security and creating more efficient business processes.
With 2019 in full swing, what does the future of authentication look like? The big umbrella statement is that biometric authentication is rapidly gaining traction and taking center stage. With market growth for biometrics predicted to reach a CAGR of 16.3% during 2018-2023, here’s how we see it playing out:
- Passwords will be further demoted. Yes, industry and government are putting enormous resources into biometric technologies. Yes, experts agree that biometric authentication is the safest security method. But no, passwords aren’t dead yet. While they are not state-of-the-art, we still need them. Over time, they’ll take a lower place in the security technology hierarchy. Many organizations have already relegated the password to third or fourth place status, behind fingerprint, behavioral, and risk-based authentication.
- Multimodal authentication will continue to make substantial steps forward. Early adopters of biometric technologies will primarily use them in a multi-modal setting in tandem with more traditional methods such as combining fingerprints or iris scans with a password. This can also provide greater flexibility for users to determine authentication preferences.
- Face recognition will gain traction. Our faces will increasingly serve as our IDs. Consider the air travel industry: 77% of airports and 71% of airlines are putting significant resources into R&D for biometrics. In December, Delta opened the country’s first wholly biometric airline terminal in Atlanta using face recognition to check luggage, flight check-in and pass travelers through security checkpoints. Security is paramount, but also, many airports are at capacity, and it’s easier to move passengers through the airport using biometrics than to hire more security resources and metal detectors.
- Behavioral biometrics will become more entrenched in reality. Banks are a primary example. More than a dozen technology vendors from start-ups to giants like IBM have built behavioral biometrics into their retail and banking security software. One example is the Royal Bank of Scotland. The financial services firm is expanding its biometric behavioral data system which records more than 2,000 different interactive gestures to all of its 18.7 million business and retail accounts.
- Users will drive technology advancement. Smartphone capabilities have made touchscreen and face ID ubiquitous and are a driving force in biometric authentication. Acuity predicts that 4.8 billion smartphones will be equipped with biometric capability by 2020. Consumer readiness for biometrics is reflected in the rising adoption rates across just about every industry sector including in e-commerce, travel and electronics.
- Standardization will further promote biometrics. There is a full-fledged movement to dump passwords and standardize protocols for strong authentication technologies, particularly biometrics. Giants like Google, PayPal and American Express have deployed FIDO Alliance U2F interoperability protocols. Already, more than 300 products used by over 1 billion people have the new protocols embedded in them.
It’s not hard to predict that the future of authentication lies in biometrics with multi-modal authentication for even greater security and flexibility. Established, traditional methods won’t disappear overnight, but the rules are rapidly changing. As your organization moves into the future of authentication, Crossmatch, part of HID Global, is ready to help you prepare for the highest levels of security with their advanced composite authentication solutions. Contact us today.
Jeff Carpenter is Director of Identity and Access Management solutions at Crossmatch. In this role, he is responsible for evangelizing Crossmatch’s DigitalPersona® solution. In his 10+ years in cybersecurity, Jeff has held positions with a number of top tier cybersecurity and technology companies, most recently he was with RSA, a Dell Technologies company. Jeff earned a Bachelor of Science degree in Business Administration from Creighton University in Omaha, Nebraska. He holds both a Certified Information Systems Security Professional (CISSP) and a Certified Cloud Security Professional (CCSP) designation.