Using Fingerprint & Facial Biometrics as Passwords
Forgotten Your Password? No Problem – Use Your Fingerprint
How often do you try to log into an online platform, but you can’t remember your password? Is this the one that requires a capital letter? Or is it a special character?
The fact is, the majority of people have pretty poor password security. They’ll have one ‘main’ password that they use, and then variations of this across different sites – a habit that comes with obvious vulnerabilities. This isn’t just personal users, either – we regularly see this type of behaviour within businesses too.
Thankfully, new security technologies are surpassing passwords in terms of both strength and convenience. Because having to go through the ‘Forget Your Password’ process almost every time you log in is certainly not convenient.
Keep reading to learn more about this technology – and what it means for security measures in your business.
Biometrics as Passwords?
Biometrics is a feature many of us are already familiar with. Every time you unlock your smartphone with fingerprint or facial recognition, or ask Siri for a weather update, you’re using the technology.
Previously, the security aspect of biometrics was exclusive to ‘offline’ services, such as unlocking your smartphone or logging into an app. But now it’s available for online services too, with Google announcing last year that it was replacing passwords for Android users. Instead of verifying your identity with a combination of numbers, letters and special characters, you can now use your fingerprint or screen lock when visiting certain websites.
Apple has also launched their version. Earlier this year, they introduced a way for web developers to incorporate Face ID and Touch ID into their websites, so Safari users can log in without having to enter their details. The future is well and truly here.
How Secure is it Really?
Google has based its biometric verification on the FIDO2 Web Authentication (WebAuthn) and Client-to-Authenticator Protocol (CTAP) specifications. FIDO2 aims to address global password problems, as well as all of the issues of traditional authentication. So it’s pretty secure. But, as with any collection of data, there are security concerns to be aware of:
- Complacency – Some people may stop using some of the common-sense security measures we use today because they think biometrics solves all their problems.
- Vulnerabilities – You can change passwords, but you can’t change your fingerprint. If the data becomes compromised, this can be concerning, because it cannot be reset the way a password can.
- Duplications – Criminals could take high-res photos of you, or copy your fingerprints from a glass in a cafe.
Find Out More from the Security Specialists
Using biometrics is certainly a more secure way of managing logins than slightly modified versions of the same password across every website you visit. We do still recommend using two-factor authentication where possible.
If you’re running a business, it’s important to consider all aspects of your security and ensure you’re proactively protecting your information. If you want to learn more, reach out to the team at the IT Department. We’d be happy to help.
How do I use my fingerprint to log into Google?
If you have a compatible Android device, visit passwords.google.com via the Chrome app. Tap on any of the passwords and Google will ask to “verify that it’s you”. At this point, you can authenticate yourself by using your fingerprint or any other preferred method you use to unlock your phone.
Can Face ID be fooled by a photo?
Facial recognition comes with its vulnerabilities but the technology is getting more secure. Apple’s Face ID on the iPhone X, for example, works by projecting more than 30,000 dots on the face to create an infrared map. This type of technology means that the smartphone can tell the difference between a real face and a photo.
Does Google save my fingerprint?
No, your fingerprint never leaves your device. It’s not shared with Google or any apps on your device. When you sign in using your fingerprint, your smartphone’s unlock system authenticates you on-device and simply communicates the authentication to Google. This method makes it more secure than passwords, as the verification information remains solely on your phone.
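The sign-in flow described above, and the FIDO2/WebAuthn model mentioned earlier, as an added example that is not part of the original article or any vendor's code: a Node.js simulation in which the device signs the site's challenge after a local biometric check, and the site verifies it holding only a public key. The relying-party name, the origin and the biometricMatched flag are assumptions made for illustration.

```javascript
// Added example: simulated WebAuthn-style sign-in. All names and values are constructed.
const crypto = require('node:crypto');

const RP_ID = 'login.example';            // assumed relying-party ID
const ORIGIN = 'https://login.example';   // assumed site origin
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Device side: the key pair is created at registration; only publicKey goes to the site.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  // biometricMatched stands in for the on-device fingerprint or face check.
  // origin is passed in here; in a real browser it is filled in by the browser itself.
  const sign = (challenge, origin, biometricMatched) => {
    const flags = 0x01 | (biometricMatched ? 0x04 : 0x00); // user present, plus user verified
    // authenticator data: SHA-256(RP ID) | flags | 4-byte signature counter (zero here)
    const authData = Buffer.concat([sha256(RP_ID), Buffer.from([flags]), Buffer.alloc(4)]);
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    const signature = crypto.sign('sha256',
      Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
    return { authData, clientDataJSON, signature }; // no biometric data in the message
  };
  return { publicKey, sign };
}

// Server side: holds only the public key and the challenge it issued for this login.
function verifyAssertion(publicKey, expectedChallenge, { authData, clientDataJSON, signature }) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'stale or replayed challenge';
  if (client.origin !== ORIGIN) return 'wrong origin';
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'wrong relying party';
  if ((authData[32] & 0x04) === 0) return 'user not verified on device';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad signature';
}

// Demo: one successful sign-in, then the same response replayed against a new challenge.
const demoDevice = createAuthenticator();
const demoChallenge = crypto.randomBytes(32);
const demoResponse = demoDevice.sign(demoChallenge, ORIGIN, true);
console.log(verifyAssertion(demoDevice.publicKey, demoChallenge, demoResponse));
console.log(verifyAssertion(demoDevice.publicKey, crypto.randomBytes(32), demoResponse));
```

A breach of the site's database in this model exposes public keys only, which cannot be used to sign in and can be replaced by registering a new key.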