Verifying our digital identity isn’t something most of us think about often, but it’s something we all do constantly. Millions of times a day, collectively, we’re asked the question: “Who are you?” Our banks, social media accounts, email providers, the online stores we use, and countless other mobile services all want to know who we are. Any time we want to access an account, perform a transaction or update a profile, we need to verify our identity.
To manage all this, some people rely on a password manager and/or practice good password hygiene
by constantly resetting and creating more complex passwords. However, the majority of us resort to using the same passwords and PINs for multiple accounts, forgoing the more secure option. By doing so we take the risk that someone could steal our most personal information. As we increasingly manage our lives online, the risks are becoming magnified.
Biometrics offers a far more convenient and secure way to address this challenge.
People are accessing their devices and accounts every day using their fingerprints. India has enrolled a billion of its residents in an identity program using fingerprints and iris scans. Face recognition is used in many ways – for customer onboarding and border security, as well as unlocking devices and replacing passwords. Dozens of banks and millions of people use Eyeprint, and earlier this year, Samsung launched the Galaxy S8 featuring iris scanning. As mobile devices become more powerful and less expensive, more and more people are gaining access to biometric security.
That’s just the beginning for biometric verification. Individual biometrics such as face, eye, or fingerprint each have weaknesses, but by using smartphone technologies that leverage data such as location and behavioral analytics, we will be able to build a comprehensive profile that more seamlessly and securely identifies each individual. The ultimate vision of biometrics provides better protection and less friction for consumers. In the next couple of years, people may only need to authenticate once for certain apps, and their smartphones will keep them continuously authenticated until exit criteria are met.
In order for biometrics to replace passwords, the use of biometrics needs to be completely frictionless and secure.
Any system that verifies people’s identity must be “financial grade,” or secure enough for our most sensitive data. That means it requires a 99.99 percent accuracy rate, and criminals can’t be able to spoof it using a photo or a fake finger, for example. It must also respect the privacy of the individual, and it has to be easy to use. If answering the question “Who are you?” drastically interrupts the flow of behavior, people will choose a less secure option or, where possible, skip security entirely.
Establishing digital identity is hard, but technology is evolving in a way that will make the process seamless. Soon, entering a password will be as rare as writing letters by hand. At some point, as passwords become a thing of the past, our identities will be the key to our digital lives, inferred by our behavior, our location, and who we are rather than what we know.