Forget PINs and passwords; in the future, the password will be you

Image | George Yanakiev

Biometric test complete: Access permitted. These words, which are common in science fiction films and video games, will soon become the norm for all citizens. Biometrics, the study of automated methods for recognising human beings based on their physical and biological features, is one of the keys to the future with respect to security. No more typing a username, password or PIN each time you want to access digital services; nowadays, cryptographic technologies are being developed which enable the user to be recognised by their voice, fingerprint, iris, or facial features.

The advantages of combining these types of systems is very relevant for the user; there is no risk of losing or forgetting passwords, and most importantly, it aims to eliminate the risk of identity theft. Therefore, in the end it is about more reliable and convenient technology for the citizen. Additionally, the application does not only deal with increasing security; biometric recognition systems are broad in scope, and can also be implemented in all areas or objects that need access control, such as physical spaces like offices, storerooms and CCTV and also in objects such as computers, cars, alarms and of course, mobile phones. The smart phone has become an object that provides access to multiple services, so it is very important that this access is well protected. In this context, biometrics represents the next logical step for guaranteeing security for the user.

Captura de pantalla 2015-10-16 a las 9.58.04

Image | FIDO Alliance

There are three types of biometric authentication:

  • Sensory includes everything relating to the touch system, from fingerprint scanning to identifying someone through vascular recognition, which is based on the geometry of their arterial tree. This type of recognition is usually done with only one finger or a hand.
  • In visual identification, biometrics includes analysing facial features in 2D or 3D. For example, if a user wants to access their banking service which is protected by a biometric facial recognition system, all they have to do is show their face to a smart phone camera so that it can follow all the relevant processes. Projection of a facial map or their volumetric description are some of the facial features that are used to carry out this authentication. This type of biometric system also includes recognition through analysing the eye, more specifically the iris, retina and pupil, which works through high-resolution cameras or infrared illumination.
  • Finally, there are voice authentication systems. In these cases, speaking into the microphone of the phone is enough to detect the user’s own physical characteristics. This biometric parameter is based on both the person’s physical structure of the voice tract and the characteristics of their behaviour, such as movement of the mouth or pronunciation.

Every human being has a unique code created from their genetic traits; so it’s logical that the next step is to be identified from these characteristics. In light of this knowledge, in 2012, FIDO (Fast Identity Online Alliance) was created, a partnership between companies like Paypal, Lenovo, Nok Nok Labs and Validity Sensors that laid the foundations for a protocol generated from these biometric processes to increase access security to browsers, web pages and contents on the cloud. FIDO works to improve the user’s experience, offering them access systems to digital services for which a password will not be needed, only their physical traits. Another action line of the Alliance is to standardise the protocols and security certificates for companies that want to use this type of authentication.

Initiatives like this suppose that widespread adoption of biometrics by large companies is not far away. Hence its introduction at a social level is only one step away.