RIP, Passwords: Hello, Biometrics

A few years back, authentication used to be very simple: users needed two strings (a username and a password). If someone knew both, they could access the account, as easy as that. This was the case when the ecosystem was simple as well. At that time, accounts were few in number and connectivity was limited, which is the reason the threat landscape was low-risk.

Back in those days, an adversary needed physical access to the system. Over time, access extended to remote users, which eliminated the need for physical presence to break into the system. More accounts and more connectivity eventually led to more threats and, in particular, more data breaches. The simple premise of matching strings (i.e. an ID and a password) is not a good practice anymore. Instead, the world has moved toward the adoption of biometrics to meet the increasing security concerns.


Authentications Should Be More Than a Binary State

The authentication concept is really simple: if you know the username and password, you have access to the account and the features it provides, and if you are not logged in, you have no access, as simple as that. There is no grey area; it is either one way or the other. This means whoever gets hold of this binary state has access to everything the account holds.

One of the main things we often witness in infosec these days is a failure to recognise the threat. For example, consider the platforms that allow multiple login attempts before locking the account out completely. Nowadays, such attempts are enough for hackers and bots to figure out the passwords. But should it be like this? Even if someone has successfully authenticated, does that mean they should be allowed access to all features? How about proving your identity (say, through email or two-factor authentication) before allowing access to certain features?

These are a few examples that explain why traditional authentication as a binary state is not reliable, and we can do a lot better than this.
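The two ideas in this section, access decided per action with a step-up check for sensitive features and login failures throttled rather than counted to a fixed lockout, as an added example that is not part of the original article. Assurance levels, the action policy table and the backoff parameters are constructed for illustration.

```python
from dataclasses import dataclass

# Assurance levels (constructed for this example): higher means more proof presented.
PASSWORD_ONLY = 1     # username + password only
SECOND_FACTOR = 2     # plus an e-mail code, TOTP or biometric check
# Per-action policy (constructed): (minimum level, max seconds since that level was proven).
ACTION_POLICY = {
    "view_balance": (PASSWORD_ONLY, None),
    "change_email": (SECOND_FACTOR, 900),    # must have stepped up within 15 min
    "transfer_funds": (SECOND_FACTOR, 300),  # stricter freshness for money movement
}

@dataclass
class Session:
    user: str
    level: int = PASSWORD_ONLY
    level_proven_at: float = 0.0

def step_up(session, now):
    """Record that the user completed a second-factor check at time `now`."""
    session.level = SECOND_FACTOR
    session.level_proven_at = now

def authorize(session, action, now):
    """Return (allowed, reason) for `action`, instead of a bare logged-in yes/no."""
    required, max_age = ACTION_POLICY[action]
    if session.level < required:
        return False, "step_up_required"
    if max_age is not None and now - session.level_proven_at > max_age:
        return False, "reauth_required"   # proof exists but is too old for this action
    return True, "ok"

class LoginThrottle:
    """Per-account failure counter with exponential backoff, not a fixed N-strikes lockout."""
    def __init__(self, base_delay=2.0, max_delay=900.0):
        self.base, self.cap = base_delay, max_delay
        self.failures = {}   # account -> (failure count, time of last failure)

    def retry_after(self, account, now):
        """Seconds the caller must still wait before another attempt is accepted."""
        count, last = self.failures.get(account, (0, 0.0))
        if count == 0:
            return 0.0
        return max(0.0, last + min(self.cap, self.base * 2 ** (count - 1)) - now)

    def record(self, account, success, now):
        if success:
            self.failures.pop(account, None)   # a good login clears the counter
        else:
            count, _ = self.failures.get(account, (0, 0.0))
            self.failures[account] = (count + 1, now)
```

The throttle keys on the account, so a distributed guessing campaign is slowed regardless of source; combine it with per-source limits in a real deployment.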

Are Longer Passwords Stronger?

Even knowing the security concerns associated with passwords, people have the misconception that longer passwords are usually more secure and impossible to break. But are they? Usually, online platforms have character limits for passwords, and no reasonable person is going to set very long passwords. There are also certain requirements for passwords; for example, the use of special characters, upper-case and lower-case letters, etc. Moreover, every account needs a new and unique string. That is no doubt a good practice, but imagine having multiple accounts and the fatigue of remembering every password. It is quite frustrating, and most of the time we can't even recall them.

What’s Next? Biometrics

In recent years, with the increasing trend of data breaches and identity theft cases, it is time to say goodbye to passwords and move toward advanced authentication methods that deal with the security vulnerabilities, thereby improving the customer experience. Biometric verification, through fingerprints, face, voice and retina, is now being used by many service providers and organizations to meet security standards.

Biometrics are the unique features of a person that can neither be stolen nor modified. Also, they are always in the possession of the individual. People don't have to go through the tough job of remembering passwords and PIN codes, which makes the user experience a lot better and more secure. In the coming years, passwords will be a thing of the past, since biometrics have started replacing them.

Biometric Verification – Curbing the Intruders

The vulnerability of traditional passwords and PIN codes has raised confidence among hackers and fraudsters. Using the latest technology and techniques, it is no longer difficult for hackers to access user credentials and break passwords. Through phishing scams and scam applications on social media, intruders are readily getting at information. Businesses can integrate biometric verification to stop intruders from accessing someone else's account.

Biometric Verification and Fraud Prevention

One of the most common digital frauds is identity theft. With easy-to-hack user credentials, cybercriminals are using other people's identities to carry on their fraudulent activities without leaving a trace behind. Identity theft results in different types of fraud, including tax fraud, credit card fraud, money laundering, fraudulent purchases and chargebacks. Credit card fraud is at the top: according to an FTC report, in 2018 the commission received more than 167,000 complaints that personal information was misused in existing accounts or to open new credit card accounts.

Biometrics, specifically real-time facial verification, can prove to be really efficient in detecting fraud in real time and preventing intruders from accessing an individual's account or misusing information. The person's face can be the token to log in to the account. Also, biometric verification is an integral part of Know Your Customer (KYC) services, which enable businesses to verify that their customers are who they say they are. This eventually results in fraud detection and prevention.


The increasing trend of digital fraud and data breaches has shifted the attention of organizations toward the adoption of advanced authentication and verification methods. Unfortunately, passwords are no longer secure, which has made businesses onboard biometrics as a verification tool. Biometric verification isn't simply replacing traditional passwords but is also becoming a trademark of KYC services for fraud prevention and detection. Moreover, biometrics are reshaping the future of payments and the customer experience.

James Efron


James Efron is a tech enthusiast, currently serving as infosecurity management expert at Shufti Pro. In previous roles, he has designed organisational strategies for tech firms. He indulges in advanced technologies, including AI and big data, often extending a hand to firms experiencing digital transformation.
