Biometrics Advocates, Get With the Bloody Program!

In just the last week, these are two of the articles paraded by the ‘Biometrics For eCommerce’ group on LinkedIn, both of which are taken from;

Is Biometrics Putting The Nail In The Password’s Coffin?

Is It Time To Cash In PINs For Biometrics?

My question is; Just how dumb do you have to be to wage a war against your own side? You don’t see The Times and The Sun slagging each other off, or Lexus and Toyota competing for the same demographic, do you? And why not? BECAUSE THEY ARE ON THE SAME DAMN TEAM!

So why is it that biometrics advocates feel the need to pick on passwords / PINs? I can only imagine it’s something like a school bully who only picks fights he thinks he can win, or perhaps they realise that biometrics is nowhere near the panacea they want it to be so they have to compare it against the lowest common denominator.

And let’s face it, that’s exactly what PINs are; the lowest form of password, which is the simplest of the 3 forms of authentication. That’s why it’s so prevalent, and orders of magnitude more accepted and consumer friendly than any form of biometric. But it is also the cause of all of their limitations, which are not inconsiderable.

However, instead of trying to kill the password /PIN, what’s wrong with taking the position of collaborative support? PINs are inadequate for some scenarios, just as biometrics are wholly inappropriate for others. Addressing the factor of authentication outside of the context of risk is no different from asking how long is a piece of string.

What about consumer preference? Is ANY financial institution or bank going to enforce a ‘biometrics-only’ stance? Not unless they are irretrievably stupid.

What about device capability? Are we going to force all 7.3 billion people on the planet to buy the latest smartphones? More than 2/3 of all mobile phones are still not biometrics enabled, do you really see passwords / PINs going away ANY time soon? No, nor do I.

Even for those with smartphones, who’s to say that the something-you-know has to be a passWORD? A picture of your own choosing will suffice. Or special characters in place of numbers perhaps? How many people out there speak Klingon? All you have to do is remember SOMETHING, and the smartphone could not make that easier (especially for those with learning disabilities).

Clearly my blog’s limited reach will have no impact on those too short-sighted or just too plain greedy to adopt a collaborative approach to authentication and identity management, but like almost all FinTech’s disruptive innovators, those going it alone will fail. Biometrics has finally, and rightfully, taken it’s place in the arsenal of weapons used against the bad guys, but for now advocates seem Hell bent on using them against their own friends.

In the end, only multi-factor authentication will win the day. Biometrics will be a big part of that, but the mobile phone (something-you-have) itself will be even bigger, and something-you-know will never go away.

Nor should anyone want it to.

2 thoughts on “Biometrics Advocates, Get With the Bloody Program!

  1. According to forecasts by my company, Acuity Market Intelligence, by 2018 all smartphones will be shipping with on board biometrics. Given this inevitable market development along with the rapid price drops – sub $100 smartphones, within 5 years, smartphones will be the only kind of phones produced … so yes, passwords will be going away. Though no reason to be so violent about heir demise (-:

    • Hi Maxine, thank you for taking the time to comment.

      I will note that seeing as Acuity MI “is an emerging technology strategy and research consultancy with a proven record of accurately anticipating Biometric and Electronic Identity (eID) market trends.” your obvious bias is understandable.

      However, I do think you have missed my point. I have nothing against biometrics, and I have no love of passwords, but until you put biometrics in the context of TRUE identity management you will see that ALL forms of authentication are cumulative, not competing. Biometrics advocates (vendors and researchers alike) should stop trying to kill the ‘something-you-know’ and focus on making their ‘something-you-are’ alternative more palatable.

      Who in their right mind would REPLACE one form of static authentication (passwords) for another (biometrics) when the combination of both is exponentially better? At least you can CHANGE a password!

If you think I'm wrong, please tell me why!

This site uses Akismet to reduce spam. Learn how your comment data is processed.