5 essential questions on authentication and biometrics
18 May 2022

The demand for seamless and secure authentication experiences is growing. With the rise of contactless payments and remote working, our lives are becoming more digital. Thanks to the likes of Face ID and Touch ID, users are increasingly at ease with passwordless solutions, but these popular solutions aren’t perfect. 

Almost all of today's authentication solutions have exploitable gaps – whether in terms of UX, security or privacy. In this blog, we'll not only answer some of your top authentication questions, but we'll explore how Keyless closes these gaps with biometrics.

92% of IT security professionals agree that passwordless authentication is the future.

1. Why are traditional passwords facing obsolescence? 

Simply put, passwords weaken your organization's security posture. When individuals reuse or share passwords, users face elevated risks of identity fraud, data leaks and phishing attacks. Given that over 80% of data breaches are due to poor password security, the security flaws of passwords are clear. For users, having to create complex passwords for each account is bad for UX. And for firms, loss of revenue as a result of identity fraud or non-compliance fines makes passwords a costly expense. 

2. What's the alternative to passwords?

Many organizations are turning to band-aid solutions like password managers and other password-based multi-factor authentication solutions (MFAs) in a bid to strengthen compliance and security. However, password managers can create greater security risks in the event of an account takeover, and legacy MFAs are burdened by poor UX, forcing users to complete multiple challenges in order to authenticate and access their accounts. How do we resolve those issues? The answer lies in moving towards new modalities that are more intuitive, such as biometrics. 

3. Why has it been difficult to make authentication intuitive and secure at the same time? 

The ideal authentication solution should combine great UX with robust security and privacy. In reality, most authentication vendors fail to do this, often sacrificing one feature over the other in a bid to meet market demands. 

Making authentication intuitive and secure at the same time has been difficult, as the traditional way to increase security is to increase authentication challenges and make password requirements more complex  – resulting in increased friction which impacts churn and . 

For example, an MFA solution that combines passwords with one-time codes may offer stronger security, but the user experience can be clunky and result in churn and increased costs. On the other hand, less friction can sometimes create security and privacy gaps – but new authentication modalities, such as biometrics, are changing this. 

4. What does the future of passwordless authentication with biometrics look like? 

Smart devices have popularized biometrics in recent years – they are intuitive, eliminate the need for remembering passwords and PINs, and are integrated with many popular apps that people use every day.

Gartner expects 90% of mid-sized enterprises to adopt passwordless authentication by 2022. And 42% of users already rely on biometric authentication.

It’s clear biometrics are the future. However, popular solutions such as Apple’s Face ID and Google Touch are by no means perfect. In fact, these solutions leave much to be desired from an interoperability and security perspective due to the underlying technology they use to secure authentication data like biometrics and PINs.

The underlying technology powering solutions like Face ID is local authentication. Local authentication became the industry standard for biometric authentication because it secures sensitive data within hardware, or "locally" on a device (as opposed to in on-premise or cloud data storage centers) – making it difficult for biometrics to be compromised by opportunistic hackers.

However, locking biometrics to a hardware device, such as a smartphone or token, creates limitations with regard to account recovery and consistency between different device models, and leaves security gaps with device-sharing. When it comes to authenticating customers, businesses that rely on these solutions have little control over the user journey and security features they offer.

5. How can biometric data be securely stored and protected without using local authentication technology?

Keyless is the first in the world to apply privacy-preserving technology to biometric authentication to make it impossible to steal, hack or leak biometric data – while still processing authentication requests online.

By combining zero-knowledge principles, privacy-preserving cryptography and distributed cloud architecture, Keyless echoes the principles on which decentralized technology operates, keeping biometric data permanently out of reach of bad actors, solution providers and clients simultaneously – exceeding the requirements laid out under GDPR. 

"Because we offer strong compliance with GDPR, we enable our customers to focus solely on enhancing the customer experience while embracing cutting-edge solutions – and this is one of our core value propositions," Gal Steinberg, VP of Products at Keyless

To accelerate the adoption of biometrics, the focus for innovation will fall into these three areas: 

  • Ensuring privacy compliance: to protect biometrics from being hacked or exposed in accidental data breaches, we expect to see a move towards private-by-design security architectures – especially in authentication and identity management where biometrics are concerned. 

  • Embracing zero-trust models: thanks to the speed and intuitiveness of biometrics, businesses will be able to authenticate users more frequently with far less friction and disruption to the customer experience or workflow. 

  • Enabling self-sovereign identity systems: in line with developments in distributed privacy-preserving architectures, more organizations will begin embracing decentralized identity management and authentication solutions that enable users to take control of their personal information and private data.

"Keyless is the world's first privacy-preserving biometric authentication company. Our biometric solutions eliminate the need for outdated passwords while maintaining best-in-class UX, security and privacy," Gal Steinberg, Keyless VP of Products
