Consumers Wary of Biometric Security
Early releases of identity verification and facial recognition technology have failed to deliver on the promise of trustworthy digital identification and have damaged the reputation of biometric security tech, according to an Incode report.
The global survey of 1,000 respondents found close to half (48%) indicated they consider digital authentication technology as detrimental to their trust in the use of consumer-facing apps, services and devices that feature biometric technology.
Alternately, slightly more than half (54%) said biometrics improved the customer experience with online transactions and payments, suggesting broader acceptance of the technology is possible if biometrics companies could assuage security and privacy concerns.
Biometric Boom
Craig Lurey, CTO and co-founder at Keeper Security, noted that biometric authentication is a technology that will continue to proliferate across a multitude of industries and use cases.
“When used as a single factor for authentication, it’s important to note that such technologies can be subject to failure or manipulation by a malicious user, particularly when that biometric data is publicly available on social media or involved in a data breach,” he said.
He points out that tech giants such as Apple and Google do not store your biometric information on their servers, although the biometrics are stored locally on the user’s device in a secure enclave.
“The same cannot be said of all products and organizations, such as in industrial use cases,” he adds. “A database of palm prints, fingerprints and facial scans is just as vulnerable as a database of passwords.”
From Lurey’s perspective, it is critical for any service provider to safeguard biometric data using a zero-knowledge security model with full end-to-end encryption.
“Biometric databases can be breached and have their data marketed and distributed on the dark web,” he cautioned.
The Incode report indicated that without proper trust assurances, consumers would hesitate to adopt biometric security technology, even though 58% said they agreed digital authentication methods improved the customer experience by simplifying the log-in and onboarding process.
Mike Parkin, senior technical engineer at Vulcan Cyber, pointed out that in the U.S., some people were concerned about the COVID-19 vaccine, including the belief that microchips were tracking their movements.
“Given that, it’s really no surprise that some people would be concerned with using biometrics in general,” he says. “While using biometrics offers a lot of advantages, there is still reluctance to adopt new technology and an element of ‘I don’t know how this works’ at play.”
Parkin added that fingerprint readers have become ubiquitous and facial recognition has become commonplace, mostly due to its use in mobile devices.
“Being able to unlock our phones with a simple touch on the sensor or pointing a camera at our face is getting people used to the idea,” he says. “Users still haven’t fully embraced multifactor authentication, so it’s no surprise there may be some challenges getting them to accept biometrics.”
He explained that while there are some valid concerns with facial recognition’s use for biometric access, it’s hard to say what the concern is overall without additional research.
“This report touches on the fact without delving into why people have these concerns,” Parkin noted.
Biometrics Vs. Passkeys
Bud Broomhead, CEO at Viakoo, says the most surprising survey was that there was no comparison to the trust users have in their mobile device biometrics, especially as Apple and others have made great strides in promoting the use of passkeys.
“Having the FIDO Alliance, Apple, Google and others highlight that they are extending the trust users have in their currently used mobile biometrics should have been a factor in this study,” he said.
He added that the study provided a vague definition of biometrics and passwordless, and consumers are rightfully withholding their trust and approval until they can assess it more clearly.
“If the survey was based on trust of facial recognition in accessing your mobile phone or use of fingerprints as a method of accessing data, the answers may have been different,” Broomhead said.
From his perspective, transparency can help to instill confidence: Have there been successful frauds perpetuated using biometrics? How secure is the storage and distribution of biometrics for authentication? Are there methods to lock down or stop the use of a specific individual’s biometrics in case of suspected fraud?
“There are many questions users might need to have answered in order to gain confidence, and whether through organizations like FIDO Alliance or individual company actions, there needs to be a credible and effective way to answer these questions,” he said.
